Why a multi-layered technological approach can help the airline industry get back on board and safe to fly

‘This article first appeared on Philippe Vallee’s LinkedIn’

The impact of COVID-19 on the travel industry has been dramatic. For over three months, flights around the world have been grounded as travel has become limited by necessity to slow the transmission of the virus. This downturn has had a material impact on airlines globally, with several carriers having to downsize or seek financial intervention from respective governments.

Now, with more flights in the air including various air bridges between countries with low infection rates, the airline and airport industries are preparing to adapt to a post-pandemic landscape. This includes a strict set of limitations such as social distancing, minimum contact points and preventing unwell passengers from travelling. As well as complying with these new regulations, airports face the ultimate challenge of rebuilding passenger trust in the process of travelling by air again.

These are two barriers that travel operators need to tackle as international travel inches back toward normality.

Fortunately, technology has a key role to play in the reopening of airports, aiding in the prevention of the further spread of the virus and bolstering consumer confidence. While travel is unlikely to return to a pre-lockdown normality until there is a vaccine, effective but convenient tech-enabled measures need to be put in place quickly.

Technology to enforce social distancing

With social distancing remaining a key recommendation from the World Health Organisation (WHO) even as lockdowns around the world start to lift, airports face the challenge of having to limit overcrowding, all the while acknowledging that airport buildings are designed with bottlenecks for the purposes of security and safety.

Security checks, for example, have funnelling and queuing baked in as a key procedure to allow staff to carry out necessary checks on successive passengers without being overwhelmed. Airside retailers, cafés and bar are also limited in the amount of space they can offer consumers, owing to restrictions of the footprint. Regulating passenger flow through the infrastructure is therefore key if airports are to enforce social distancing while still leaving enough time for each passenger at the airport.

Occupancy management technology can play an important role here. Machine learning-based algorithms regulate the flow of passengers by only allowing them to move forward into sterile areas once the occupancy rate is deemed acceptable. Under this system, passenger priority is determined by the real-time monitoring of departure times and then enforced through existing airport equipment – meaning that if a flight is delayed, for example, the boarding pass reader will not allow passengers on that flight to go through security. As a machine learning technology, it also learns passenger movement patterns, helping airport operations teams understand when flash points might occur.

Additionally, airports also can provision passengers with anonymous wearable tags purely for the duration they are in the airport. The aim of the tag is to empower passengers with the ability to maintain social distancing – beeping when two tags interact for a certain period at a specified and customisable distance. This technology can also help operations staff carry out traffic control, helping to understand areas where people are naturally congregating, for example.

These measures are an effective way for airports to avoid overcrowding in a way that doesn’t inconvenience passengers or restrict their access to on-site hospitality. It will also help airport managers prevent having to materially change the layout of their buildings, thereby keeping costs down.

Hands-free terminals                  

Technology can also play a key role in minimising the number of surfaces that passengers will touch as they move through the terminal.

Biometric identification, which underpins the facial recognition technology used at self-service security checkpoints, can in theory be applied end-to-end across the passenger’s journey. The principle is simple and transparent; a passenger is given a unique temporary ID when they check-in from home. This token then follows the passenger through bag-drop, security, immigration and boarding, before being deleted once they board their flight.

This fundamentally reshapes the airport experience – heavily reducing the number of interactions with staff and scrambling to find documentation at every step of the way. The ensuing benefits are an enhanced and vastly more convenient experience for passengers.

Health checkpoints to reduce transmission

As health officials around the world attempt to supress a second spike of the virus, the role of airports to act as gateways for sanitary control is very important. As well as helping to fight the contagion, this is a key measure in helping restore passenger confidence in flying.

Once again, technology can play an important part here in equipping airports with the ability to identify markers of infection. Temperature checks, for example, can be carried out by fitting existing CCTV networks with thermal imaging equipment to help control centre staff to spot at-risk passengers before they might even be aware of infection themselves. This can also be paired with more traditional swabbing stations as part of an all-encompassing screening process.

Alongside symptom screening questionnaires, this can enable airports to build up a picture of infection as well as possible routes of contagion, becoming a powerful tool to help understand the spread of the virus. This data can then be used by authorities to determine ongoing measures, whether that’s localising lockdowns or re-introducing quarantine measures if the number of arriving infections starts to increase. In sum, the richer the dataset, the more capably we’ll be able to fight the virus.

—

Like many other sectors, air travel is facing unprecedented levels of disruption. It needs to think quickly to rebuild passenger confidence and minimise ongoing damage – and technology provides the answers. In fact, airports themselves are uniquely positioned to fight the spread of the virus and can use its unique infrastructure to its advantage. In doing so, the industry can show other sectors – transport and beyond – how a proactive approach to beating the virus can reap rewards.

Find out more about how my colleagues can help you rebuild passenger trust in flying again here: https://www.thalesgroup.com/en/group/journalist/magazine/how-restore-passenger-trust-air-travel

You can also find the link to our on-demand webinar, which addresses COVID-19 challenges at airports and how we can restore passenger trust here: https://www.bigmarker.com/thales-digital-events/Regaining-passenger-trust-to-fly-again-Thales-solutions-for-airports-post-COVID3-2020-07-23-02-00-am?utm_bmcr_source=replay

 

The post Why a multi-layered technological approach can help the airline industry get back on board and safe to fly appeared first on Cybersecurity Insiders.

July 30, 2020 at 09:10PM

Read More

Cybersecurity Skills Crisis Worsens for Fourth Year in a Row, Impacting 70% of Organizations

MILFORD, Mass. & VIENNA, Va.–(BUSINESS WIRE)–The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted nearly three quarters (70 percent) of organizations, as revealed today in the fourth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG). The top ramifications of the skills shortage for organizations (or cybersecurity teams) include an increasing workload, unfilled open job requisitions, and an inability to learn or use cybersecurity technologies to their full potential, putting organizations at significant risk.

The cybersecurity skills gap discussion has been going on for nearly 10 years. The study confirms that there has been no significant progress towards a solution to this problem during the four years it has been closely researched. In fact, 45 percent of respondents state the cybersecurity skills shortage and its associated impacts have only gotten worse over the past few years. The question that must be answered is then: Why has nothing changed for the better?

ISSA and ESG believe that the root cause has never been addressed. What’s needed is a holistic approach of continuous cybersecurity education, where each stakeholder needs to play a role versus operating in silos. The data uncovered in this research year over year point to these indicators:

Cybersecurity professionals need a comprehensive globally accepted career development plan

Without guidance and a clear path to follow, it is difficult for new candidates to know what is needed and how to acquire the skills necessary to enter the profession. Current professionals are far too often left figuring out how to advance their careers on their own. The ESG/ISSA research reinforces these points as:

• Cybersecurity professionals continue to need career guidance. Sixty-eight percent of the cybersecurity professionals surveyed don’t have a well-defined career path and historical solutions are only compounding problems.
• Cybersecurity careers depend upon hands-on experience and hands-on experience requires a job. When asked which was most important for their career development: hands-on experience or security certifications, 52 percent chose hands-on experience. Still, 44 percent claim that hands-on experience and certifications are equally important. This combination requires the right job, the right experience, and the right career plan but few cybersecurity professionals can claim this combination.
• It takes years to become a proficient cybersecurity professional. Thirty-nine percent believe it takes anywhere from 3 to 5 years to develop real cybersecurity proficiency, while 22 percent say 2 to 3 years and 18 percent claim it takes more than 5 years. This means that entry level cybersecurity pros should be viewed as long-term investments, not immediate problem solvers.

Businesses are not investing in their people or supporting cybersecurity integration within the organization

Sixty-four percent of respondents believe their organization should be doing somewhat or a lot more to address cybersecurity challenges. ESG and ISSA believe that business executives see this as a technical problem rather than a business issue.

• Organizations are not providing the right level of cybersecurity training. Thirty-six percent of respondents reported that they thought that their organizations should provide a bit more cybersecurity training, while 29 percent believe their organizations should provide significantly more training. Further, 28 percent believe they are not providing enough training for non-technical employees. Based on 4 years of research, training seems to be a perpetual shortcoming. Alarmingly, there seems to be on plan for improvement.
• CISOs and business executives could do more together. Fifty-five percent believe there is adequate CISO participation with executives and corporate boards in 2020, trending upward slightly. Still, 24% think that CISOs and business executives could do more together.

Other critical constituencies were also rated on their ability to keep up with cybersecurity challenges and the data indicates that industry and community at large need to step up: For example, 68 percent of respondents believe that cybersecurity technology and service vendors should be doing somewhat or a lot more and 71 percent of respondents believe the cybersecurity community at large should be doing somewhat or a lot more.

“The cybersecurity gap cannot be addressed by simply filling the pipeline with new people. What’s needed is a holistic approach, starting with public education, comprehensive career development and planning, and career mapping – all with the support and integration with the business,” said Candy Alexander, Board President, ISSA International.

“As this and past reports clearly indicate, key constituents are not looking at the profession strategically. While we are making some fragmented progress, the same issues present themselves year after year, including a shortage of skills, under-trained employees, and the stress and strain caused by a career in the cybersecurity field. These disturbing trends should be of concern to corporate directors and business executives, particularly in light of the alarming findings this year that 67% of respondents believe that cyber-adversaries have a big advantage over cyber-defenders,” said Jon Oltsik, Senior Principal Analyst and ESG Fellow.

Downloads

• The full report, “The Life and Times of Cybersecurity Professionals 2020,” represents 327 global security and IT professionals and contains much more research spanning the topics of cybersecurity careers; skills development; cybersecurity organizational considerations; security incidents and vulnerabilities; cybersecurity skills shortage; and cybersecurity activities. It can be downloaded here.
• Press Release
• Resources

About ISSA

The Information Systems Security Association (ISSA)™ is the community of choice for international cyber security professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries – from communications, education, healthcare, manufacturing, financial and consulting to IT – as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Follow us on Twitter at @ISSAINTL. Learn more about ISSA.

About ESG

Enterprise Strategy Group (ESG) is an integrated technology analyst, research, and strategy firm providing market intelligence and actionable insight to the global technology community. ESG is increasingly recognized as one of the world’s leading and most influential independent analyst firms.

The post Cybersecurity Skills Crisis Worsens for Fourth Year in a Row, Impacting 70% of Organizations appeared first on Cybersecurity Insiders.

July 30, 2020 at 09:09PM

Read More

OkCupid vulnerable to Cyber Attacks

Check Point security researchers have discovered that the users of OKCupid dating app that has more than 10m active users have several critical vulnerabilities which when exploited by hackers can push the consumer to privacy troubles.

Researchers say that hackers might have already accessed details like personal addresses, gender, private messages, profile details of users via these loopholes and could have stored data on their systems by now.

OkCupid users accounts are being taken by users through malicious URL links where hackers send victims messages enriched by malware and victims fall prey to such links and divulge some personal details like their partner preferences. And from then the hackers get hold of the account and send messages to other OkCupid users without the knowledge of the victim- that’s dicey, isn’t it?

OkCupid has already taken a note of the situation and is said to have fixed the flaws mentioned by Check Point researchers within 2 days.

Note 1- The American Friendship and Dating app has over 50 million users and has been downloaded more than 10 million times with around 50 thousand dating appointments made per week.

Note 2- In the February 2019 over a million users of OkCupid complained that they lost access to their account that could result from an earlier data breach or credential stuffing. However, OkCupid did not acknowledge the media speculations that reported data breach or technical glitch.

Note 3- Danish Researchers in May’16 have disclosed that there could hack a data set project related to the dating app accessing information of over 63,000 users with 2,620 variables.

The post OkCupid vulnerable to Cyber Attacks appeared first on Cybersecurity Insiders.

July 30, 2020 at 08:49PM

Read More

Lawsuit by LifeLabs for data breach report disclosure

Toronto based Healthcare services provider LifeLabs will soon file a lawsuit against the data watchdogs of Ontario and British Columbia for stopping the full publication of a data breach report related to a ransomware attack that took place in 2019 affecting over 15 million people.

Going deep into the details, at the end of last fall, a ransomware attack on LifeLabs database is said to have leaked the information of over 15 million of its customers.

An investigation launched by BC’s Information Protection Commissioner in association with the Ontario’s Personal Health Commissioner is said to have discovered inadequate security practices being followed by the IT Staff of LifeLabs. As a result of which, the database fell prey to the ransomware launching hackers.

In June, the Commissioner’s released a press update stating that they will publicize their investigation report to the public. And this move was strongly opposed by the management of LifeLabs as the authorities could not leak information otherwise termed to be confidential and could encourage future cyber attacks.

On July 29th, the Commissioners were intending to release the report but were opposed by LifeLabs as it was ready to abide by all the rules and regulations set forward by the Information Commissioner’s office regarding protection of user data.

As per the petition filed in the B C Supreme Court by LifeLabs lawyers, the report release was formally blocked by the law in anticipation of legal action.

More details are awaited!

Note 1- LifeLabs admitted in its recent media statement that it retrieved data by making a ransom payment to hackers after engaging experts to negotiate the payment sum in cryptocurrency with cyber criminals.

Note- 2- In Dec’19 CEO Charles Brown confirmed that the company paid a handsome sum to hackers to recover its data related to its 15 million users.

Note 3- The name of the ransomware variant that stuck its database was not disclosed to the media by LifeLabs.

The post Lawsuit by LifeLabs for data breach report disclosure appeared first on Cybersecurity Insiders.

July 30, 2020 at 10:38AM

Read More

Athens ISD to pay $50k after Ransomware Attack

Athens Independent School District shortly known as Athens ISD has made it official that it will pay $50,000 to recover its data from the ransomware attack. The Texas based school district says that it cannot afford not to pay the ransom to the hackers as all sensitive data related to teacher communications, student schedules, grades and assignments related to the school were locked from access by the cyber crooks.

News is out that all the data related to the school district was encrypted in the ransomware attack that took place early this month. And school authorities have filed for an insurance claim to bail them out of this digital crisis.

“We can’t afford not to pay it”, says Alicea Elliott, the President of AISD Board as it would take many weeks to rebuild data from the scratch.

In response to some Facebook comments that paying a ransom will encourage crime, Athens ISD responded that the attackers have assured them they will not target the school district in future after they receive the payment….tough to believe such statements from hackers!

As the educational institution cannot afford to permanent loss of valuable records, the school hired an expertise from Region 10 Education Service Center to trade out the deal with hackers.

Note- As per the Nov’19 press release, FBI stated that paying a ransom to hackers will encourage crime and will make them demand more in exchange of the decryption key. However, in February 2020 the law enforcement agency stated that victimized organizations can choose to pay a ransom in case they do not have any other choice.

The post Athens ISD to pay $50k after Ransomware Attack appeared first on Cybersecurity Insiders.

July 30, 2020 at 10:35AM

Read More

DXC Technology Update on Xchanging Ransomware Attack

TYSONS, Va.–(BUSINESS WIRE)–With its investigation into the previously disclosed (July 5, 2020) ransomware attack on a subset of its subsidiary, Xchanging, nearly complete, DXC Technology (NYSE: DXC) today provided an update on the incident. DXC has confirmed containment of the incident in the immediate days following identification with minimal impact on Xchanging customers; no loss of DXC or Xchanging customer data; no impact on the wider Xchanging or DXC IT estates; and full restoration of Xchanging customer operations. Additionally:

• DXC teams worked with affected Xchanging customers to restore access to their operating environments as quickly as possible and shared Indicators of Compromise (IOCs) and other relevant technical information;
• The forensic review and investigation has involved appropriate law enforcement and cyber defense authorities and independent cyber security firms including Mandiant/FireEye;
• There were no indications of previous infection, spread beyond initially impacted Xchanging systems, or continued infection by the threat actor;
• There is currently no evidence that Xchanging, DXC or customer data was compromised or lost; and
• Along with ongoing systems monitoring, DXC is continuously investing in and enhancing its cyber detection and response capabilities to effectively manage risk and safeguard customer and its IT estates with the continued growth of malicious cybersecurity attacks.

Xchanging is primarily an insurance managed services business that operates on a standalone basis.

About DXC Technology

DXC Technology (NYSE: DXC) helps global companies run their mission critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private and hybrid clouds. With decades of driving innovation, the world’s largest companies trust DXC to deploy our enterprise technology stack to deliver new levels of performance, competitiveness and customer experiences. Learn more about the DXC story and our focus on people, customers and operational execution at www.dxc.technology.

Forward-Looking Statement

All statements in this report that do not directly and exclusively relate to historical facts constitute “forward-looking statements.” These statements represent the Company’s intentions, plans, expectations and beliefs, and are subject to risks, uncertainties and other factors many of which are outside the Company’s control. These factors could cause actual results to differ materially from such forward-looking statements. For a written description of these factors, see the section titled “Risk Factors” in the Company’s Annual Report on Form 10-K for the fiscal year ended March 31, 2020. The Company disclaims any intention or obligation to update these forward-looking statements whether as a result of subsequent event or otherwise, except as required by law.

The post DXC Technology Update on Xchanging Ransomware Attack appeared first on Cybersecurity Insiders.

July 30, 2020 at 09:09AM

Read More

Mind the gap: Why securing the remote workforce is now a top priority for businesses everywhere

Anurag Kahol, CTO of Bitglass, discusses why businesses are struggling to shift gears when it comes to secure remote access across their systems, leaving major gaps in their data protection efforts that need to be urgently addressed.

For most businesses, securing the remote workforce has been a growing priority for some time, but the unexpected emergence of COVID-19 has propelled it up the corporate agenda in a way that few could ever have imagined. The rapid shift from office-based work to home-based work, combined with a lack of adequate forward planning, has made the transition a painful one for many. Simply finding a workable remote solution has been challenging enough, let alone one that meets all the same stringent data protection measures typically found in an on-premises setup. In fact, according to new research, 41 percent of businesses are yet to implement any steps to expand secure access of their remote workforces despite over 75 percent of employees now working from home.

The research study conducted during the height of the pandemic, gives a fascinating insight into the challenges faced and how the scramble to adapt has left sensitive business data dangerously exposed to cyber threats. This article will take a look at the key research findings in more detail and assess what businesses can do to help them adapt to the ‘new normal’ in a safer, more secure manner.

Few businesses were prepared for large scale remote working

Before the start of the year, the prospect of a fully remote workforce seemed far-fetched for the majority of organisations. Indeed, almost four out of five of those questioned said less than a quarter of their workforce was working remotely prior to the pandemic. However, fast forward a few months and over 75 percent of the same organisations’ workforces are working from home indefinitely.

Such a vast shift to remote working is unlikely to be seamless without the necessary planning and infrastructure in place. Unfortunately, this often takes many months, or even years to complete, far longer than the days/weeks that organisations had to adjust. Not surprisingly,  only 29 percent of respondents claim they were fully prepared for remote working when the pandemic hit, with 33 percent saying they were either ill prepared or not prepared at all. When looking at this from a security perspective, the picture becomes even more concerning, with 70 percent stating they were either moderately prepared or not prepared at all.

Unmanaged cloud access poses a major threat to data security

To help ease the transition to remote working, more than half of organisations (54 percent) have understandably accelerated their migration of user workflows to cloud based applications. Consequently, this has helped employees have access to everything they need to do their jobs from home. However, with no managed device program in place, almost two thirds (65 percent) have allowed employees to access these cloud applications from personal, unmanaged devices. Alarmingly, that is despite 55 percent of respondents acknowledging that such an approach poses a significant data security risk.

These findings indicate that organisations understand the risks but are operating for the sake of business continuity and productivity. The results appear to be positive, with 84 percent of organisations seeing either the same or higher levels of productivity from remote working. However, risking data security is a dangerous game which puts corporate reputation and even long term viability on the line in the event of a breach. This is reflected in the fact that almost two thirds of respondents (63 percent) fear their current remote working program is impacting on their compliance posture for regulations such as GDPR and PCI DSS, potentially risking major fines and sanctions should the worst happen.

Adoption of effective security solutions needs to accelerate

When asked about existing controls to secure remote working, only 34 percent of enterprises claimed to have any form of endpoint compliance, while just 18 percent had cloud DLP in place, both of which are worryingly low given the current situation. The lack of cloud DLP is particularly notable given that 29 percent of respondents claimed they were fully prepared for remote working. This means at least 11 percent of respondents don’t feel cloud DLP is an important component of a secure remote working program – a prospect that surely attracts cybercriminals .

Any organisation looking to create a remote working program with a  bring your own device (BYOD) approach must also deploy the tools needed to properly protect sensitive data in such an environment. Consequently, the numbers for endpoint compliance and cloud DLP, as well as those of other highly effective solutions like cloud access security brokers (CASB), user and entity behaviour analytics (UEBA), and zero trust network access (ZTNA), should significantly increase.

With the shift to remote working shaping to be long term, businesses can no longer afford to improvise when it comes to data protection. Instead, organisations must invest time and resources into finding appropriate  security solutions that are capable of securing data in a remote environment. Fortunately, there’s a wide range of highly effective products and solutions available today that can quickly provide visibility and control, no matter how geographically dispersed a workforce is.

This research was conducted during the height of the pandemic when businesses were still scrambling to formulate an effective remote working strategy. Now, months after the start of this vast shift, organisations must equip themselves with the proper tools to avoid data leakage and other security risks.

BIO

Anurag Kahol, CTO of Bitglass

Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.

 

The post Mind the gap: Why securing the remote workforce is now a top priority for businesses everywhere appeared first on Cybersecurity Insiders.

July 29, 2020 at 10:06PM

Read More