
Google's Earthquake Alert System Failed to Notify Residents of Turkish Earthquake

 

An investigation by BBC Newsnight on July 27, 2023, revealed that Google's earthquake warning system failed to reach many residents in southern Turkey before the devastating double earthquake disaster that occurred in February, claiming tens of thousands of lives.

Google claims that its Android Earthquake Alert System is capable of providing users with up to one minute's notice before an earthquake strikes, utilizing a loud alarm to alert them. The company stated that it had sent tremor alerts to millions of users prior to the first and largest quake that hit in the early hours. 

However, when the BBC conducted interviews with hundreds of people in three cities within the earthquake zone, they were unable to find anyone who had received a warning.

Harold Tobin, the director of the Pacific Northwest Seismic Network, expressed concern, saying that if Google promises or implies the delivery of an earthquake early warning service, the stakes are raised as it directly relates to people's lives and safety. He believes that Google has a responsibility to follow through on such a critical service.

Micah Berman, the product lead on Google's system, defended the earthquake warning system, stating that they are confident it worked and alerts were sent out. However, the BBC reported that the company did not provide evidence that these alerts were widely received.

Although about 80% of mobile phones in Turkey operate on the Android system, the BBC found only a small number of individuals who claimed to have received a Google earthquake alert before the second quake struck during lunchtime.

Google's earthquake alert service is considered a "core" component of its Android service, utilizing the vast network of Android phones to send quake alerts. This is made possible by the accelerometers in smartphones that can detect shaking.

During their investigation, the BBC team visited cities like Adana, Iskenderun, and Osmaniye, located between 70 and 150 kilometers away from the earthquake epicenter. The people they interviewed were adamant that they did not receive any Google warnings on their phones prior to the first earthquake. One woman named Funda, who tragically lost 25 members of her family in the disaster, stated that she was "certain" she did not receive any alert from Google.

Tobin emphasized the importance of Google being transparent about its earthquake alert service, suggesting that if the system had worked during this major earthquake, it could have been highly beneficial. However, the failure of the system during such a significant earthquake raises questions about its effectiveness and why it did not provide the expected benefits during one of the biggest earthquakes in the last century.



CISO Discusses Main Safety Concerns

 

In terms of cyber threats, 2022 was a crucial year. Enterprises are under increased pressure to enhance their security operations in order to keep up with the republic hackers and skilled cybercriminals who have been encouraged by the Russia-Ukraine conflict.

Frank Kim, a professional and fellow of SANS Institute, has joined YL Ventures as the organization's new full-time CISO-in-residence. In order to offer assistance and direction as companies develop their cybersecurity solutions and expand their businesses, YL Ventures links startup entrepreneurs with CISOs.

Former CISO of the SANS Institute and founder of ThinkSec, a security consulting and CISO consultancy firm, Kim will focus on the financial implications of enhancing security in his new position.

An increasing number of users are worried about data security, particularly how securely organizations may use, share, and exploit data. Data security is key to encouraging and facilitating the adoption and use of data, with an eye to future revenue streams for businesses. It is justifiably a top priority for CISOs because data has grown to be such a crucial component of the company and a highly profitable target for attackers. Kim said, "We have to stay up with the changing and moving data in the modern, dynamic corporate climate with M&As and consolidation."

Top characteristics of a future chief data security officer:

Exhibit strategic focus
The most effective will approach problems from a business standpoint as opposed to a technical or tactical one. They present themselves as visionary leaders rather than firefighters who are only called in during emergencies.

Assess opportunity and risk
Risk need not always be nasty or destructive, but risk that is not handled can be. If the CISO insists that all risk is bad and must be eliminated, they risk losing the support of their colleagues and impeding forward-thinking initiatives.

Display leadership ability
The organization as a whole and the security sector esteem next-gen CISOs for their charisma, ingenuity, connections, and respectability. They never miss a chance to highlight the benefits information security has for the company.

Possess business skills, strengthen trust, and demonstrate empathy
Through routine interaction and cooperation, they should contribute to increasing the trust of their team members, clients, partners, and other company stakeholders.






Survey: 89% of Firms Experienced One or More Successful Email Breaches

 

During the past 12 months, 89 percent of firms had one or more successful email intrusions, resulting in significant expenses. 

The vast majority of security teams believe that their email protection measures are useless against the most significant inbound threats, such as ransomware. This is according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research. The survey examined issues with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly incidents, and readiness to cope with attacks and incidents. 

“Security team managers are most concerned that current email security solutions do not block serious inbound threats (particularly ransomware), which requires time for response and remediation by the security team before dangerous threats are triggered by users,” according to the report.

Fewer than half of those surveyed felt their companies can prevent email threats from being delivered, and fewer than half of firms consider their current email security solutions to be efficient. Techniques to detect and stop mass-mailed phishing emails are seen as the least effective, followed by safeguards against impersonation attacks.

As a result, it's perhaps unsurprising that nearly every company polled has experienced one or more sorts of email breaches. Overall, successful ransomware attacks have climbed by 71% in the last three years, Microsoft 365 credential compromise has increased by 49%, and successful phishing assaults have increased by 44%, according to the report. 

Email Defences 

When the firms looked into where email defence falls short, they discovered that, surprisingly, the use of email client plug-ins for users to flag questionable communications is on the upswing. According to a 2019 survey, half of the firms now employ an automatic email client plug-in for users to flag questionable email messages for review by skilled security personnel, up from 37% in 2019. The most common recipients of these reports are security operations centre analysts, email administrators, and an email security vendor or service provider; however, 78 percent of firms alert two or more groups.

In addition, most firms now provide user training on email dangers, according to the survey: More than 99% of companies provide training at least once a year, and one out of every seven companies provides email security training monthly or more regularly. 

“Training more frequently reduces a range of threat markers. Among organizations offering training every 90 days or more frequently, the likelihood of employees falling for a phishing, BEC or ransomware threat is less than organizations only training once or twice a year,” as per the report.

Furthermore, the survey discovered that more regular training leads to a higher number of suspicious messages being reported, as well as a higher percentage of these messages being reported as such. The survey also revealed that firms are utilising at least one additional security product to supplement Microsoft 365's basic email protections. However, the survey discovered that their implementation efficacy differs. 

The report explained, “Additive tools include Microsoft 365 Defender, security awareness training technology, a third-party secure email gateway or a third-party specialized anti-phishing add-on. There is a wide range of deployment patterns with the use of these tools.”

The firms came to the conclusion that these kinds of flaws, as well as weak defences in general, result in significant expenses for businesses.

“Costs include post-incident remediation, manual removal of malicious messages from inboxes, and time wasted on triaging messages reported as suspicious that prove to be benign. Organizations face a range of other costs too, including alert fatigue, cybersecurity analyst turnover, and regulatory fines,” the report further read.