Amazon looks to expand Alexa’s world amid growing privacy concerns

This year, though, the online retailing giant faced a backlash after news broke that human reviewers were sometimes listening to recordings of users’ private conversations with Alexa.

Alexa has dominated the smart speaker race against Apple’s Siri and Google Assistant.

Now, of the 76 million smart speakers perched in US homes and businesses, 70% are Echo devices, according to Consumer Intelligence Research Partners. 

Google, Apple, Microsoft and Facebook have also admitted to listening in on recorded user conversations with smart assistants.

The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Insufficient testing and updating. …

Brute-forcing and the issue of default passwords. …

IoT malware and ransomware. …

IoT botnets aiming at cryptocurrency. …

Data security and privacy concerns (mobile, web, cloud) …

Small IoT attacks that evade detection. …

AI and automation. …

Home Invasions.

Rouse, M., Rosencrance, L., Rouse, M., & Rouse, M. (n.d.). What is internet of things (IoT)? – Definition from WhatIs.com. Retrieved from https://internetofthingsagenda.techtarget.com/definition/Internet-of-Things-IoT.

Discuss nascent efforts to financially measure cyber-security to make sound investment decisions

This is just my honest opinion based off research I have done on IoT devices. New startup companies rarely put in any effort when it comes to investing in cyber-security. Every day of the week there is a new IoT device compromise that makes its way to cyber-security blogs. Startup companies don’t have sufficient funds to invest in cyber-security.

Ransomware attacks, supply chain hacks, escalating tensions with Iran

  • Ransomware attacks are truly nothing new at this point, but 2019 is looking like a banner year for them.
  • A destructive strain called LockerGoga has specifically been victimizing industrial and manufacturing firms.
  • These attacks force production plants to switch to manual control or exact long-term damage in systems that control physical equipment.
  • A legitimate software vendor pushes out what looks like a trustworthy software update to users, but it’s really a destructive instrument of cyberwar. 
  • Russian hackers spread destructive malware in part by compromising the update mechanism for a Ukrainian accounting application.

FACEBOOK HACK: HOW TO FIND OUT IF YOUR DATA HAS BEEN STOLEN

  • While logged into your account, go to this help center page.
  • Hit the Privacy tab. From here, you can control who gets to see your future posts and friends list.
  • Click on Limit Past Posts, then select Limit Old Posts and finally hit Confirm on the pop-up.
  • In Settings, go to Timeline and Tagging and edit the sections you want to lock down.
  • Add people to the Restricted list here, which means they’ll still be friends with you but will only be able to see your public posts and things you share on a mutual friend’s Timeline.

Investigation of Walmart Email Breach

  • The FBI is investigating allegations that employees from one of Walmart’s technology suppliers were illegally monitoring the retailer’s e-mail communication.
  • A Compucom technician took a photo of an email about an internal Walmart disciplinary matter and sent it to a Walmart employee he had been chatting with on an instant messaging system.
  • The photo was then forwarded accidentally to the daughter of a second Walmart employee, who reported it to the company’s security department.
  • The case exposes a potential vulnerability for companies that rely on contractors for technical work, giving outsiders broad access to sensitive internal documents with little oversight in the process.

The company terminated its contract with Compucom.

Amazon Ring video doorbell flaw left users open to attack

  • A vulnerability in Amazon’s Ring video doorbells left the internet-of-things devices open to a variety of attacks.
  • Bitdefender found that the Ring Video Doorbell Pro’s companion smartphone app sent wireless network credentials to the device over plain HTTP during the set-up and configuration stage.
  • Attackers can send de-authentication frames at any time to a wireless device. Once the device loses its ‘heartbeat’, it automatically enters configuration mode.
  • ESET warned that many Amazon Echo and Kindle devices remained open to a different Wi-Fi vulnerability, a Key Reinstallation Attack (KRACK).
  • A KRACK attack enables the attacker to trick a device into reinstalling a key that is already in use by another device, enabling them to gain visibility of data packets crossing the network.
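A defender can watch for the de-authentication pattern described in the Ring item above. The following is an added example, not code from the original reports or from Bitdefender; the frame records, MAC addresses, threshold and time window are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed MAC addresses for illustration only.
AP = "aa:aa:aa:00:00:01"
LAPTOP = "bb:bb:bb:00:00:02"
DOORBELL = "dd:dd:dd:00:00:10"

# Constructed sample capture: (timestamp_seconds, frame_type, source, destination).
SAMPLE_FRAMES = (
    [(50.0, "deauth", AP, LAPTOP),      # a single deauth, e.g. a normal roam
     (60.0, "data", LAPTOP, AP)]
    + [(100.0 + 0.5 * i, "deauth", AP, DOORBELL) for i in range(6)]  # burst
    + [(400.0, "deauth", AP, LAPTOP)]   # another isolated deauth
)


def find_deauth_bursts(frames, threshold=5, window=10.0):
    """Return {destination: (first_timestamp, peak_count)} for every device
    that received at least `threshold` deauth frames within `window` seconds.

    Frames are grouped by destination because the source address on a
    deauth frame can be forged and is not a reliable key.
    """
    recent = defaultdict(deque)   # destination -> timestamps inside the window
    alerts = {}
    for ts, frame_type, _src, dst in sorted(frames):
        if frame_type != "deauth":
            continue
        q = recent[dst]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            first, peak = alerts.get(dst, (q[0], 0))
            alerts[dst] = (first, max(peak, len(q)))
    return alerts


if __name__ == "__main__":
    for device, (first, peak) in find_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst against {device}: {peak} frames starting at t={first}")
```

An alert on a device that has a set-up or configuration mode is a cue to check whether it dropped off the network and re-entered that mode.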

Jobs I’m considering

Forensic Computer Analyst

The forensic computer analyst is the detective of the cyber security world. Forensic computer analysts review computer-based information for evidence following a security breach or other incident. Tasks include handling hard drives and other storage devices and employing specialized software programs in order to identify vulnerabilities and recover data from damaged or destroyed devices. Forensic computer analysts must be sensitive to the security concerns of their employers or clients and follow closely all privacy procedures when dealing with financial and personal information. They must also keep detailed and accurate logs and records of their findings, which are often used in litigation.

Education requirements

Employment as a forensic computer analyst normally requires holding a bachelor’s degree in computer security, forensic computing or a related subject. Previous experience may also be necessary.

Information Security Analyst

An information security analyst (ISA) is responsible for the protection of an organization’s computer systems and networks. They plan and execute programs and other measures, including installing and using software for data encryption and firewalls. Additionally, ISAs help design and execute plans and methods for the recovery of data and systems following a cyberattack. ISAs must continuously stay on top of the latest industry trends and cyber threats, which involves researching new security technologies and networking with other professionals.

Education requirements

ISAs need to earn a bachelor’s degree in computer science or related area. There is a growing trend toward undergraduate degree programs specializing in the information security field, which may become the preferred choice of employers in the future. Some employers, particularly large corporations or organizations, may prefer job candidates with an MBA in information systems.

Two-Thirds of Organizations Hit in Supply-Chain Attacks

A new global survey by CrowdStrike shows the average cost of a software supply chain attack is $1.1 million.

  • According to a new survey, most organizations worldwide have been victims of a software supply chain attack.
  • Some 90% of organizations say software supply chain attacks cost an average of more than $1.1 million.
  • A professional stated, “They now inject malicious code into legitimate software. It’s mostly invisible, which is why these attacks are becoming more common.”
  • 71% say they don’t consistently hold their third-party suppliers to the same security requirements they use internally.
  • The survey, conducted by Vanson Bourne on behalf of CrowdStrike, includes responses from 1,300 senior IT decision-makers and security pros in the US, Canada, UK, Mexico, Australia, Germany, Japan, and Singapore.

Use AI to Improve Penetration Testing

The most effective penetration testing methods combine threat intelligence, vulnerability scanning, and human expertise to validate the criticality of vulnerabilities through simulated attacks on an IT environment. 

  • Use AI to filter that data and eliminate the noise.
  • AI will also help produce test results more quickly, and in matters of cybersecurity, time is of the essence.
  • By automating vulnerability analysis and exploitation, you can reduce the operational cost and speed up vulnerability reporting.
  • Organizations will always need qualified penetration testers to interpret and validate scan insights, generate action plans to mitigate risks, and “train” AI and ML algorithms for continuous improvement.