Data

Maps May Soon Be Less Trustworthy Than Ever

Did you know that maps as we know them are remarkably skewed? Due to some centuries-old superiority complexes and prejudices, the maps we’ve all been raised looking at have never been completely accurate. However, this problem could soon be an element of cybercrime thanks to a developing technology that many have yet to take seriously, deepfake images, and how they could revolutionize cyberattacks moving forward.

What Are Deepfakes?

Deepfakes are manipulated images or videos that have been altered to revise the truth with the assistance of artificial intelligence. The Internet is full of lighthearted examples, where a comedian’s face is changed during an interview to be replaced with the celebrity who they are impersonating, or different actors are cast in classic movies. Mobile applications that allow you to create a rough lip-synch video from a still image are growing in popularity.

Of course, there are much more convincing examples of deepfake technology that we can point to. For instance: This Person Does Not Exist. This website pulls the results of a generative adversarial network trying to create the most convincing face it can possibly generate. Each time that page is refreshed, a new face pops up that looks just like a real person—despite no such person actually existing.

While these applications are quite entertaining, they undermine the real risks that deepfakes pose to security. Explicit deepfakes are already being generated that depict people in assorted adult situations without their consent to be used in blackmailing schemes. Deepfakes have also been spread to manipulate political impressions and sway the tides of some elections.

Unfortunately, there is an additional threat that these doctored images are now being used to support: geographic deepfakes.

What is a Geographic Deepfake?

Instead of manipulating someone’s face or the words they say, geographic deepfakes alter satellite imagery to manipulate our impression of the landscape and what is present. With deepfake technology as a whole improving all the time, geographic deepfakes could create some serious problems for businesses and governments alike.

How a Geographic Deepfake Could be Abused

Let’s run through a potential scenario for a moment, just to illustrate how serious this threat is:

A platoon of soldiers are out in the field, advancing on a target. All they need to do is reach a bridge that will take them to their objective. Satellite imaging shows a clear path to the bridge, but once the platoon reaches it, they actually find themselves face-to-face with the enemy, who has taken the bridge and created an ambush for them to walk right into—or perhaps they find no enemy troops, but also no bridge for them to cross… ruining their plan, and possibly many others that were contingent upon it. This latter possibility was actually proposed in 2019 by a National Geospatial-Intelligence Agency analyst named Todd Myers, as it draws from a tactic as old as cartography itself.

Maps Have Always Been Manipulated

History is full of times where maps have played a key role in disinformation campaigns and propaganda alike, in addition to providing a form of copyright protection for cartographers. By changing some details of a map—occasionally making up features and towns that didn’t actually exist there—a mapmaker could easily identify if their work had been copied.

Geographic deepfakes could simply add an additional level of complexity to such efforts, as the University of Washington recently explored in an academic study.

In this study, the researchers abbreviate the very long history of map manipulation and embellishment, starting from the Babylonian 5th century B.C. but focusing much more closely on the modern applications. Things like location spoofing and how they’re weaponized were covered, with practical examples provided by the researchers that they generated as a proof of concept. As a whole, the study makes it clear that such capabilities are very real, and very easy to abuse, but certainly not easy to identify when they are in use.

Exacerbating the issue further, most people don’t think to second-guess the maps they see, making these threats all the more dangerous. Furthermore, while the researchers were able to create a tool that could identify the deepfakes they generated, such tools will need to be updated constantly to keep up with the improvements that those who abuse these tools are sure to implement.

What Can Be Learned?

While these threats aren’t likely to come into mainstream use for some time yet, it pays off to predict how they could impact you in the future. Just think about the missing bridge example… What if the same concept was used on the supply chain, or on your business directly?

Furthermore, since cyberattacks often inspire others, an imaginative cybercriminal could very well come up with some other devious ways to use these capabilities.

For now, the best course of action is to take every opportunity to secure your business as best you can with the help of today’s technology solutions. While ignoring developing threats like the potential of deepfakes is shortsighted, overlooking present ones is worse.

Jackson Thornton Technologies is here to help you secure your technology. To find out what we’ll do for you, give us a call at 334-834-7660 and have a chat with us about your business.

 

Tip of the Week: Three Steps to Better Backups

Because of the protection it can offer your organization, data backup is a necessary tool for you to have—that is, provided it has the requisite security and reliability you’ll need should you ever have to lean on it. Let’s go over a few guidelines to help you be sure that your backup is trustworthy enough to stake your business’ future on.

A Good Data Backup Means More Than One Copy

Let me put it this way: how useful is a backup that was also destroyed in some disaster, along with the original copy of your data? In short… it isn’t. There is a non-zero chance that something could make your backups unavailable to you, so you need to have a backup backup plan, stored someplace separate from your other backup or the original data.

A Good Backup Means Keeping Your Backups Safe

If you’re around any of us at Jackson Thornton Technologies for any length of time, you’ll see how seriously we take data security around here. Failing to properly secure your backups is a rookie mistake to make, as it contains exactly the same data that your default data storage does. Therefore, it is crucial that you make sure these copies are just as securely protected.

A Good Data Backup Contains More Than One Version

While cybercriminals have taken to showing their hand earlier and earlier, this isn’t always how they operate. Sometimes, they prefer to work in the background, corrupting your data—and any backups taken of it—for some time. Therefore, it is wise to keep a few copies of your data going back a ways. That way, should you need to restore your data, you are more likely to have a copy from before the infiltration occurred.

Maintaining a Backup Takes Strategy. Let Us Help.

Establishing a good data backup and implementing the processes to make it seamless will take a fair amount of time. While this would not be time wasted by any stretch, it can be hard to reconcile that with the opportunities you could miss as a result.

Jackson Thornton Technologies is the best option for the business that needs assistance with their IT in the Southeast. Hand off the responsibility of taking care of your backup to us. Focus your energies on growing your business… we’ll make sure it’ll still be there and ready. Call us at 334-834-7660 today.

 

What We Can Learn from Coca-Cola’s Insider Trade Secret Theft

Your business’ data is perhaps its most crucial resource—which is why it is so important that it remains protected against all threats (including those that come from within your own business). Consider, for a moment, the ongoing trial of Xiaorong You, going on in Greenville, Tennessee. Accused of stealing trade secrets and committing economic espionage, You allegedly stole various BPA-free technologies from various companies—including Coca-Cola and the Eastman Chemical Company, amongst others—to the tune of $119.6 million.

Let’s consider how the implementation of insider threat detection methods could have minimized the damages that You allegedly inflicted on these companies.

You’s Story

Xiaorong “Shannon” You, a naturalized US citizen and PhD in Polymer Science and Engineering, has worked in the industry since 1992. From December of 2012 to August of 2017, she worked for Coca-Cola as a principal engineer for global research, moving to the Eastman Chemical Company to work as a packaging application development manager from September of 2017 until June of 2018, when her employment was terminated.

During her tenure at both companies, You had access to secrets that a limited number of employees were privy to. In the case of Coca-Cola’s secrets, You had retained them (despite affirming that she hadn’t in writing) and submitted them to the People’s Republic of China as part of her application for the country’s The Thousand Talents program in 2017. This program has been used before to introduce advanced technologies to China, with the Department of Justice having had some success in prosecuting these cases.

What Xiaorong You Allegedly Did

According to the case that You now faces, she retained this information by simply uploading data to her personal Google Drive account—or when dealing with particularly sensitive documents and physical lab equipment, she simply used her smartphone’s camera to capture images (bypassing the scrutiny of her employers’ information security teams). Once she had secured this information, You worked with a Chinese national named Xiangchen Liu to form a company in China that would use these trade secrets to generate its own profits, using an Italian BPA-free manufacturer to incorporate the stolen technologies onto their own products.

The theft of this technology has had an impact on various companies, including Coca-Cola and the Eastman Chemical Company, as well as AkzoNobel, Dow Chemical, PPG, TSI, Sherwin Williams, and ToyoChem.

Originally brought up on charges involving the theft of trade secrets in Tennessee’s Eastern US District Court in February of 2019, You was subject to another indictment in August 2020 that filed charges of economic espionage.

How You’s Employers Could Have Stopped Such Activities

Let’s take another look at some of the dates we just went over:

You’s employment at Coca Cola ended in August of 2017, while her indictment for crimes that allegedly took place during her time there didn’t happen until February of 2019. This suggests that the discovery of her activities at Coca-Cola didn’t occur until long after the fact.

This fact is indicative of two reasonable hypotheses:

1. Coca-Cola lacked the tools to detect such activities in real-time, making it far more difficult to prevent protected and sensitive data from successfully leaving the corporate environment.

2. Coca-Cola also lacked the policies that could have prevented non-authorized devices from entering the workspace or otherwise being kept in proximity to sensitive company data or infrastructures. While old-fashioned, the concept of taking photographs of such information is no less effective for its age.

By comparison, You’s considerably rapid termination from the Eastman Chemical Company would suggest that their data protection standards were much more robust than Coca-Cola’s were at the time, enabling the company to identify a security issue and properly investigate it much faster.

Just imagine how much the total damages—which now equate to about $119.6 million, as a reminder—could have inflated if Eastman Chemical weren’t able to catch You’s alleged activities so quickly.

It unfortunately goes to show how anyone given the opportunity in tandem with the right motivation—in this case, recognition and financial windfall—could become a serious threat to any company’s data. This means that every company should have the tools in place to prevent these activities as often as possible, as well as the means to catch them if they are to take place.

Jackson Thornton Technologies is here to help facilitate that. Our remote monitoring and management services can help catch any suspicious activity on your business’ network, preventing both internal and external threats from taking root. We can also help keep your data on a need-to-know basis, preventing more data leaks—accidental or otherwise.

Learn more about how our solutions can assist you by calling 334-834-7660 today. 

 

 

Category: 

Facebook’s Massive Data Leak

Facebook is many people’s favorite—or at least most used—app and it does bring value to people by letting them keep tabs on friends and family, or grow their businesses. It has grown to be one of the largest, most successful software technology companies in the world. Unfortunately, with that type of exposure comes the responsibility of securing massive amounts of personal data. In this quest, they leave a lot to be decided. Today, we take a look at the situation Facebook is in as they are dealing with one of the largest data leaks in history.

What’s the Issue?

The current situation didn’t start recently, but at the beginning of April, some 533 million Facebook records were leaked by hackers for free on the dark web. Over half a billion users have had their personal information, including Facebook ID, corresponding phone numbers, birthdates, some email addresses, relationship status, and bio, dumped into a public database online. 

Facebook confirmed that the data was from a 2019 data leak, and that they have long since patched the vulnerability used to obtain it. That’s a good thing, but it’s still concerning that two years after a major data leak, the data, which was for sale for the past two years, was just dropped on the web for free. Obviously, the tech giant wants the narrative to be that this is old data and they have since made the changes necessary to protect their massive amount of user data, but the fact that it is still available is the bigger issue.

Once Data is Leaked, It’s Out There Forever

We may not really know the tangible value of the data found in this massive database. What we do know is that once data is leaked, it’s going to cause some consternation for Facebook, because:

● One of Facebook’s major revenue streams revolves around transactions with this data.

● This data is out there for free.

● It was likely obtained from a hacking tactic called scraping.

Your company doesn’t have the huge amount of data that Facebook has, but you have the same responsibilities with the sensitive data you have. If Facebook wasn’t, you know, Facebook (that being a platform that is typically used to share data) they wouldn’t be able to simply shrug off something like this. We can say with confidence that a data leak of nearly a quarter of your client base’s data would come with massive repercussions for your business. 

That’s why you need to ensure that you have the tools in place so that you don’t have to deal with data theft, loss of customer confidence, and all the other negative variables that come with a data breach. If you would like to find out more about how Jackson Thornton Technologies can help you secure your business’ and customers’ data, reach out to us today at 334-834-7660.

 

Category: 

What Your Employees Need to Know to Keep Their Own Data Secure, Too

It is only too common for people to have very different personalities in the office as they do during their off hours, with different standards and practices to suit them. While there is absolutely nothing wrong with that on the surface, you need to be sure that they are at least upholding the kind of security best practices that you expect of them in the office while they are at home.

Let’s go into why this is, and what these practices should look like.

How an Employee’s Security Habits Impact the Business’ Security Overall

Okay, stay with us here—there are a few steps that we need to go through to get from point A to point B.

Chances are that your team members are likely somewhat lax in their security practices when their own data is concerned. This means we can confidently say that, without oversight, simplicity will likely win out over the admittedly less convenient best practices.

While you should be ensuring that all devices that connect to your business network are updated and abide by certain best practices, like password quality and the like, you aren’t exactly standing over their shoulder while they’re browsing from home.

With so many people now working remotely—potentially from devices they own, not the ones you’ve provided—this can quickly become an issue. With poorly managed and maintained devices accessing your business’ resources, you are exposed to greater risks.

Obviously, this isn’t acceptable. To help minimize the impact that lax security practices could potentially have, you need to reinforce the importance of properly adhering to what is recommended in the office while at home.

Best Practices That Your Employees Need to Abide by at Home, Too

Password Hygiene

● Don’t reuse passwords

● Update passwords somewhat regularly

● Use an approved password manager to help simplify this compliance

● Supplement your passwords with some form of 2FA/MFA

Precautionary Measures

● Avoid any publicly accessible wireless networks

● Think before you click when browsing the Internet or checking emails

● Use a Virtual Private Network (or VPN) to securely connect to your infrastructure

● Always keep an up-to-date antivirus and firewall installed

● Regularly update your software

Browsing Practices

● Avoid insecure websites (those beginning with “http” instead of “https”)

● Keep personally identifiable information (PII) private

● Understand what a phishing attack is, and how to spot them

● Keep work devices dedicated to work purposes

Interested in learning more about any of these practices? Give Jackson Thornton Technologies a call to discuss your options with us, along with any of your other business-IT related questions. Dial 334-834-7660 today.

 

 

March Brings A Lot of IT Awareness

Sometime recently, novelty holidays have popped up for almost anything. Many of which just aim to celebrate the things about our lives that make life worth living. Take any random day, like May 12. There are a half-dozen “holidays” that day: National Limerick Day, National Odometer Day, National Nutty Fudge Day, National Fibromyalgia Awareness Day, National Receptionists’ Day, and National Third Shift Workers Day. So, May 12 runs the gamut of human existence. 

Technology is no different. There are technology holidays all throughout the year. These include National Technology Day on January 6, Data Privacy Day on January 28, and National Clean Out Your Computer Day on February 8. In March, however, there are three technology-inspired “holidays” that we thought were important enough to point out.

The First Weekend in March — National Day of Unplugging

(March 4th, 2021 to March 5th, 2021)

It may not seem like us to tell you to take a step away from your technology, but for years people’s exposure to technology has had people (parents and doctors mostly) concerned about the effects of too much screen time. On a National Day of Unplugging, it is suggested that you limit the amount of time you spend on your technology, just to get away and to get some perspective. Doing this regularly can actually give you a better perspective about how you interact with all the technology that is constantly around you.

The National Day of Unplugging was formed from a project that grew from a Jewish arts and culture nonprofit’s small gatherings for technology-free Shabbat dinners to an international campaign to help slow down our normally fast-paced lives. It has expanded to support digital wellness initiatives around the world, growing in scope every year.

At Jackson Thornton Technologies, we understand that part of having a healthy work-life balance is finding a balance between your downtime and your screen time. Try putting your phone away (they still make paperbacks) on March 4th and support the National Day of Unplugging.

March 16th — National Freedom of Information Day

Since 1966, the Freedom of Information Act has provided an avenue for U.S. citizens to review public information. The National Freedom of Information Day; every March 16th, coincides with one of the founding fathers of the Republic’s birthday, the fourth president of the U.S., James Madison.

Madison, who is often referred to as the Father of the Constitution, was a major proponent of transparency in government. In choosing his birthday for the National Freedom of Information Day, open-government advocates such as the National Freedom of Information Coalition have combined Madison’s spirit with a celebration of the accessibility of information in the republic. 

March 31st — World Backup Day

Being advocates of backing up your data is not selfless, it makes our jobs easier, but that doesn’t mean that it doesn’t come from a good place. Nowadays, we have World Backup Day, which was created in 2011 by Ismail Jadun. He wanted to get the word out about how important it was for businesses to back up their data. He figured that the day before April Fool’s Day was the best time to spread the word about having a data backup.

Today, data is more valuable than ever and data breaches routinely destroy businesses. Keeping a secure backup can help any organization keep operations going after a major data-loss event that can be triggered by about anything: Disasters, system failure, negligence; you name it, it can cause data loss. Having a strong backup and recovery strategy in place will ensure that your business won’t be caught off-guard.

Today, World Backup Day works to promote the implementation of data backup, and should be observed by individuals and businesses, alike. 

If you want to celebrate these technology holidays, and want to talk about how to make IT work best for your business, give us a call at 334-834-7660.

 

 

 

Three Seldom Considered Elements of a Backup Strategy

If you’ve been following us for any amount of time, it is very likely that you have already heard us talk about the importance of a comprehensive data backup strategy. Recent events have made such preparations no less important for you to have in place. Let’s go over some of the key steps that you need to undergo.

How to Properly Design Your Backup Strategy

To establish a data backup strategy that works effectively, there are a few different steps you need to undergo, in addition to the given requirements that implementing such a strategy will take.

1. Specify What Your Recovery Goals Are

This one may be a little obvious on the surface, but deeper consideration makes it clearer how specific these specifications must be. Naturally, you want as much of your data and operations to be restored as possible, as quickly as possible, but it is important to put definitive objectives here. How much data do you need to restore to restart (to some level) your operations? How long can you sustain downtime before it becomes too much? Identifying this is crucial to your successful recovery… and your success at not joining the far-too-many businesses that fail within a year of a significant downtime event.

2. Train Your Team

Secondly, having a backup is a great start, but you also need to know that your team can put it into action if need be. Backups are only useful when they can be implemented, and they can only be implemented if your team understands how to do so properly. Taking the time to train your team members to utilize the resources at their disposal—especially in this context—will only benefit your overall operations.

3. Build Your Procedures

Once your goals are in place and your team is prepared to use the tools at their disposal, you need to make it an established practice for them to do so. While we are not suggesting that you encourage your team to make errors of any size, it will help to periodically run your employees through the processes that you have in place for data recovery purposes. Scheduling a test of your backup, and having your business run off of the backup will help you prepare for a real data loss event.

Following these steps as you adopt your backup policies and procedures will only help to make them more effective. For even more assistance, turn to Jackson Thornton Technologies. We’ll help you manage your business’ IT, down to your backups and more. Find out what we can do for your operations by calling 334-834-7660.