October 7, 2020

3 ways criminals use artificial intelligence in cybersecurity attacks

TechRepublic, October 7, 2020
Three cybersecurity experts explained how artificial intelligence and machine learning can be used to evade cybersecurity defenses and make breaches faster and more efficient during a NCSA and Nasdaq cybersecurity summit.
Kelvin Coleman, the executive director of the National Cyber Security Alliance, hosted the conversation as part of Usable Security: Effecting and Measuring Change in Human Behavior on Tuesday, Oct. 6.

October 6, 2020

CISA Leader Puts Health Sector Project on the Level of Election Security Initiative

NextGov, October, 6, 2020
With the presidential election underway, the head of the agency that describes itself as the nation’s risk adviser said protecting the health care sector as it comes under ransomware attacks during the public health crisis is right up there with safeguarding democracy.
“Seeing how much ransomware was affecting the public health sector, we could absorb within the system a hospital or two hospitals prior to COVID, but with COVID, you know, New York City could not lose any capacity at all in April or May,” CISA Director Christopher Krebs said. “We brought in a whole range of folks that are just allowing us to really jump start a new initiative that, as I look at it ... is as important as our election security initiative.”

October 1, 2020

The Cybersecurity 202: Americans are as insecure as ever on the 17th annual Cybersecurity Awareness Month

Washington Post, October 1, 2020
Seventeen years after October became National Cybersecurity Awareness Month, Americans are undoubtedly far more aware of digital threats. But they're as insecure online as ever.
The Department of Homeland Security's annual PR campaign urging companies and individuals to stay safe online, ongoing since 2003, may get extra traction this year with just 32 days until the most closely-watched U.S. presidential election from a security perspective – and during the coronavirus pandemic as everything from school to work and grocery shopping moves online.

August 17, 2020

Incident Response: Taking a More Deliberate Approach

DataBreachToday, August 17, 2020
Organizations in all sectors need to take a more deliberate approach to incident response, says Kelvin Coleman, executive director of the National Cyber Security Alliance. The first step, he says, is to determine why and how they were attacked. "Look at the entire picture, as much as you can, and then address the situation, because you might be making it worse when you're rushing right into an answer," he stresses.

July 28, 2020

7 Summer Travel Security Tips

Dark Reading, July 27, 2020
Good security practices go a long way to ensuring a safe journey, NCSA's Eliot says. This includes updating all applications on the major devices used...People may spend more time in rental cars this summer, which means they have to watch how they manage the infotainment system. NCSA's Eliot says it's fine to use the Bluetooth on the rental vehicle to make calls and listen to music, but make sure all of that information gets deleted before turning the car in.

July 17, 2020

Industry Reactions to Twitter Hack: Feedback Friday

SecurityWeek, July 17, 2020
Kelvin Coleman, NCSA “As we initially speculated, the latest findings behind the recent Twitter breach all point to an employee’s – allegedly implicit – role in a coordinated social engineering attack that took advantage of a compromised set of credentials to facilitate a breach of this size and scale. Given the ‘insider’ nature of the incident, this attack speaks to a larger issue around the collective concept of people, process and technology. Although Twitter likely has a robust internal security team to monitor the platform across devices, and actively promotes the use of stronger passwords and 2FA, the human element continues to be the most unpredictable factor contributing to these types of situations. It’s hard to predict and mitigate how people will factor into potential breaches, but this should nonetheless be a learning experience for other platforms and tech companies to encourage them to review and enforce an effective incident response plan moving forward.”

July 17, 2020

Twitter attack highlights the need for security awareness training

IT Ops Times, July 16, 2020
Kelvin Coleman, executive director at the National Cybersecurity Alliance, agreed, adding: “Given the ‘insider’ nature of the incident, this attack speaks to a larger issue around the collective concept of people, process and technology. Although Twitter likely has a robust internal security team to monitor the platform across devices, and actively promotes the use of stronger passwords and 2FA, the human element continues to be the most unpredictable factor contributing to these types of situations. It’s hard to predict and mitigate how people will factor into potential breaches, but this should nonetheless be a learning experience for other platforms and tech companies to encourage them to review and enforce an effective incident response plan moving forward.”

July 16, 2020

‘Tweet-tastrophe’? It could have been. Twitter hack reveals national security threat ahead of election

USAToday, July 16, 2020
"It’s hard to predict and mitigate how people will factor into potential breaches, but this should nonetheless be a learning experience for other platforms and tech companies to encourage them to review and enforce an effective incident response plan moving forward," Kelvin Coleman, executive director at National Cybersecurity Alliance, said in an emailed statement.