Cybersecurity News of the Week, March 26, 2023

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

Special Report: TikTok. TikTok makes this week’s Top of the News as lawmakers in Washington and several states consider banning or otherwise controlling access to it. There are two concerns that are specific to TikTok and its Chinese owner. There is an additional third concern that applies to all social media apps.

First is the concern over spying and the control the Chinese government has over TikTok, both the product and its ranking algorithm.

  • According to Lawfare, China’s 2017 National Intelligence Law commands that “any organization or citizen shall support, assist, and cooperate with state intelligence work according to law.” [The law] grants intelligence agencies authority to insist on this support: “state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organizations, or citizens provide needed support, assistance, and cooperation.” Organizations and citizens must also protect the secrecy of “any state intelligence work secrets of which they are aware.”
  • Robert Hubbell described it this way: “Imagine for a moment that the US passed a law that said every software company in the US had to provide the FBI and CIA a “back door access” into their software that would permit covert surveillance of users. Imagine further that every software company was required to assist the FBI and CIA in spying on Americans and was obligated to keep that surveillance secret. Finally, imagine that any US citizen who refused to cooperate with the CIA and FBI in gathering intelligence on US citizens could be jailed for life. Under those conditions, how would you feel about using Google, Bing, Firefox, Word, iMessage, WhatsApp, Gmail, Excel, TurboTax, YouTube, Twitter, Instagram, Spotify, iTunes, Ring Doorbell, Uber, Lyft, and DoorDash?”

The second concern is over control of TikTok’s ranking algorithm. Fast forward to the 2024 election and imagine what is likely to be a close election. Now imagine the impact on the election when the Chinese government orders TikTok to rank user posts so as to spread misinformation and otherwise support China’s election meddling. We the People have a responsibility to ourselves and our posterity to prevent this from happening and to minimize its effect.

  • Banning TikTok in the U.S. Is Easier Said Than Done: Legal and practical obstacles could confound any bid to erase the Chinese-owned app’s huge U.S. footprint. The Wall Street Journal, March 25, 2023
  • TikTok has your data even if you’ve never used the app: The app collects and transfers data even if deleted, a new report says. … A ban on TikTok in the United States or a sale of the app by its Chinese owner, ByteDance, will not resolve national security concerns or fears TikTok could be used to siphon Americans’ data, according to a new cybersecurity report obtained by ABC News. ABC News, March 16, 2023
  • There’s a Problem With Banning TikTok. It’s Called the First Amendment.: The First Amendment has so far played only a bit part in the debate about banning TikTok. This may change. If the U.S. government tries to shut down this major communications platform, the First Amendment will certainly have something to say about it. The New York Times, March 24, 2003
  • A TikTok Ban May Be Just the Beginning: If the video app is blocked by federal authorities, it could be the beginning of the end for mega-popular Chinese apps in the U.S.—and for China’s ambitions to build a software-driven economy. The Wall Street Journal, March 25, 2023

The third concern, exemplified by this next story, is the impact social media apps have on our children, their evolving sense of self, and their mental health. It’s relatively easy to draw a straight line between social media apps and the increase of suicidal thoughts amongst our children.

All of the above notwithstanding, we also have to keep in mind the impact banning TikTok will have on the entertainment industry.

Nor can we imagine for a minute that politics won’t come into play in a move to ban TikTok.

There are no easy answers to the TikTok challenge so stay tuned as we stumble our way through a resolution.

How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.

  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please take our short quiz as your answers will help you and guide us to improve community safety.

Security Nonprofit of the Week … Global Cyber Alliance (GCA)

Kudos this week to cybersecurity nonprofit Global Cyber Alliance (GCA). GCA builds practical, measurable solutions and easy-to-use tools, and they work with partners to accelerate adoption around the world. GCA recently partnered with the Public Interest Registry to develop an explainer video on cybersecurity risks to mission-based/non-profit organizations and how to use the cybersecurity toolkit for those organizations to address those risks. The video is embedded in the mission-based organization toolkit. GCA was one of the founders of Nonprofit Cyber, the first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity. SecureTheVillage is a proud member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform

Ben Franklin famously said “Distrust and caution are the parents of security.” … Join Stan Stahl, PhD and Julie Michelle Morris as they riff on distrust and caution, in Ben’s time and in our own. … Our need to have “distrust and caution” when identities on the Internet are so easy to fake and security is so poor; the wiring instructions from the escrow company may be from hackers who have broken into the escrow company’s computers; the Facebook “friend” you follow may be part of a botnet from China or Russia spewing misinformation and disinformation; the person you’ve fallen in love with online may be a scammer who will steal everything you’ve got. Distrust and caution indeed. … As always, Stan and Julie provide actionable tips and thoughtful wisdom in a fun conversation on the complexities of cybersecurity and privacy.

Section 2 – Managing our security and privacy. Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Be careful out there.

Manage your privacy.

  • Why You Should Opt Out of Sharing Data With Your Mobile Provider: A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Krebs on Security, March 20, 2023

Section 3 – Cybersecurity News for the Cyber-Concerned.

Fasten your seat belts, it’s gonna be a bumpy ride. Our next story is a harbinger of just how crazy we can expect cyberspace to become as the nation navigates Trump’s likely indictment.

Our next story is a follow-up to one we had last week.

As expected, cybercriminals have businesses between a rock and a hard place: Pay extortion to keep information private or be sued by the people whose private information was leaked.

This week in cybercrime. Cybercriminals lower down the food chain seem to have learned from the nation-state attack on SolarWinds. Hack a technology company and get online access to all of their customers. We’ve seen it before in hacks of IT service providers. Here are several companies falling victim to the breach of file transfer service GoAnywhere used by them all. I doubt that GoAnywhere will recover.

In other cybercrime news.

Section 4 – Managing Information Security and Privacy in Your Organization.

More stories illustrating just how unprepared we are. Tone starts at the top. We need Boards and management to provide cybersecurity leadership.

  • Survey Finds Boards Have Work To Do on Cybersecurity: Executive Summary: Despite more than three-quarters of boards having at least one cyber expert among the directors, only three in 10 directors rate their board’s ability to oversee a cyber crisis highly. … More than one-third of directors representing the energy and utilities industry have no board cyber expert, highlighting vulnerability in the critical infrastructure sector. … Board directors largely have confidence in management to effectively deal with cyber risk. Sixteen percent rated management ‘excellent’ and 43% rated management ‘very good’. … Tabletop exercises involving cyber scenarios are lacking. Less than half of all respondents said their board had participated in one or more during the last 12 months. WSJ Pro Cybersecurity, March 20, 2023
  • Mid-sized businesses cybersecurity challenges: In the last twelve months, 24% of mid-sized businesses have suffered a cyber attack or are unsure if they have suffered a cyber attack. … 61% of mid-sized businesses do not have dedicated cybersecurity experts in their organization. … 47% of mid-sized businesses do not currently have an incident response plan. … 27% of mid-sized businesses reported having no cyber insurance coverage. HelpNet, March 20, 2023
