Wednesday, you’re here! NYC lawmakers aren’t convinced that AI should be making employment decisions—but critics think they’re not doing enough to regulate the tools.
In today’s edition:
Boo!
Child’s play
—Billy Hurley, Tom McKay, Patrick Lucas Austin
A Washington State University report found that both fear and a sense of responsibility are effective security motivators. But fear works a bit better.
“When fear is high, violating policies will be low,” said Robert Crossler, information systems researcher and associate professor at Washington State University’s business school.
Scare vs. care. The report, published in Computers & Security, explored two motivational ideas:
- Protection motivation theory (PMT) encourages secure behaviors through fear appeals. (An employee says, “I must encrypt data so it’s protected from compromise!”)
- Stewardship theory motivates through unforced, reciprocal moral responsibility. (An employee says, “I care about the organization’s data as if it were my own.”)
The researchers offered three scenarios to the 365 IT professionals who completed the survey, all involving a fictional guy named Terry:
- Terry goes against policy and copies sales-report data to a USB drive. (Come on, Terry…)
- Despite company policy requiring employees to log out of workstations, Terry keeps his account logged in to save time. (Really, Terry?!)
- Terry, away on business, decides that sharing a password could save his coworker a lot of effort. (Terry, no!)
The survey, in effect, asked: Would you be like Terry?
Yes, fear. With each scenario, the researchers asked a variety of questions, including ones designed to gauge a respondent’s fear. (If I did what Terry did, how worried would I be about the prospect of losing organizational data?)
Respondents who indicated that they were afraid of a given scenario were more likely to follow proper infosec policies, according to the report’s data. “The strongest predictor of people [not] violating [policies] was that sense of fear of ‘If this happened, it would be bad,’” said Crossler.
Read more here.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Default login credentials—usernames like “admin” and “root,” and identical or easy-to-guess passwords like “password”—remain the method of choice for hackers to spread IoT botnets, according to recently released research by Nozomi Networks. What’s more, industrial control systems (ICS) widely used in critical infrastructure continue to be riddled with vulnerabilities, including the use of hard-coded credentials.
“It’s really alarming because you would think by now, everyone knows to always change default passwords,” Roya Gordon, security research evangelist at Nozomi, told IT Brew. “But when you think of IoT devices, it’s a little bit more difficult because those devices are more in bulk.”
“We’re seeing default credentials being a tactic that threat actors are using time and time again to access these devices,” Gordon added.
The IoT research was based on detections by honeypots set up by Nozomi researchers, who found many malicious IP addresses attempting tens of thousands of break-ins to the honeypot in the second half of 2022. The credentials most used by these break-in attempts include “nproc:nproc,” “admin:admin,” “admin:1234,” and “root:root.” Those were followed by the usernames admin and root without any password at all.
The most active single malicious IP address tried to access the security firm’s honeypots over 70,000 times, and some of those IPs appeared to have been compromised as far back as the first half of 2021, according to Gordon.
“What that means is that they maintain persistence,” Gordon said. “If, over a year, they’re using the same IP address, that means they could be compromising a legitimate device.”
Keep reading here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
Today’s top IT reads.
Stat: 61%. That’s the share of “help wanted” ads from ransomware gangs on the dark web looking for developers. (Securelist)
Quote: “The highest impact here was revoking anyone’s SMS-based 2FA just knowing the phone number.”—Gtm Mänôz, a Nepalese security researcher, on a recently discovered Meta bypass bug (TechCrunch)
Read: Breaking down the rise in generative AI and the future of the technology. (Ars Technica)
- Over 200,000 people’s data was leaked after ransomware attack on the Indianapolis Housing Agency.
- Hackers attacked Google Fi cell network after data breach, stealing information from millions of customers.
- Mark Logan, the Scottish Government’s entrepreneur advisor, explains his plans for a Scotland tech ecosystem.
- Edtech firm Chegg has been given 90 days by FTC to fix lax data security practices.