Biz Builder Mike

You can't sail Today's boat on Yesterdays wind - Michael Noel

Why Leading Cities and States Should be Protecting ‘Digital Citizens’ from Mobile Threats

by

Why Leading Cities and States Should be Protecting ‘Digital Citizens’ from Mobile ThreatsWhy Leading Cities and States Should be Protecting ‘Digital Citizens’ from Mobile Threats

When most people think of Zimperium, they may recognize us as the leader in enterprise mobile device and app security. Or, they have seen the recent news on the Defense Information Systems Agency (DISA), a U.S. Department of Defense (DoD) organization, selecting us to deliver comprehensive Mobile Endpoint Protection (MEP) to the unclassified government furnished (GFE) devices of servicemen and women around the world. 

In regards to the DoD announcement, this a watershed moment and we are honored to protect DoD mobile users and endpoints against phishing, malicious/risky apps, OS exploits and network attacks. 

We are also honored to be protecting the “digital sidewalks” – as Jordan Sun, the Chief Innovation Officer for the city of San Jose and Director of the Mayor’s Office of Technology and Innovation (MOTI) referred to it in a recent commentary in The Hill – for New York City residents and Los Angeles Metro riders against mobile threats with the only machine learning-based, on-device mobile security solution. 

I recently had the pleasure of hosting a panel session during this year’s North American International Cyber Summit. The panel – The Future of Mobile Technology and Security for the Digital Citizen – featured: 

  • Mitch Herckis, senior advisor of New York City Cyber Command;
  • Douglas Anderson, senior director Information Technology for the Los Angeles Metro; and 
  • Jayson Cavendish, senior security architect for Tech System, contractor to the state of Michigan.

Below are select snippets from this lively, compelling and informative panel discussion.

A little bit of background

Mitch: 

“NYC Cyber Command is a relatively new organization, particularly by New York City standards, where we have some agencies that marked their life in over a century. We were created just three years ago by executive order and we were formalized into the city charter just this past month. 

“As the senior advisor for operations for the organization, I helped with the central part of our mission which is to implement cybersecurity as a central authority across a hundred plus agencies. 

“We also have a resident phasing mission, ensuring residents of New York City are able to be safe in their own digital lives.” 

Doug: 

“LA Metro is the third largest transit company in the U.S. We transport about 1.3 million riders a day. It is a sizable agency and because of that we have a fairly large presence. 

“One of the things my team is challenged with, is looking at using technology for innovative ways to enhance the customer experience. Equity is another big issue here for Metro. We have a lot of riders that are low-income and cannot even afford connectivity. 

“Even though it is not blanketing the city, our routes do cover the entire city and they are basically based on population and ridership density, those kinds of things. Where there are more people there are more routes. It seemed like a good way to maybe accomplish some of the goals that the city wanted to do.” 

NYC Secure and LA Metro Secure

Mitch: 

“The NYC Secure initiative is the name of our citizen-focused initiative and it was announced back in March 2018. The goal of it is essentially to defend New Yorkers from malicious cyber activity on mobile devices across Wi-Fi networks and beyond.

“There are two major pieces to this initiative. One is the NYC Secure app, which is free for folks to download through the App Store and Google Play. It is security for anyone who downloads it – focusing on providing New Yorkers a level of protection. It alerts you to risks, threats and attacks including  if you are connecting to unsecured Wi-Fi networks.

“More people have moved to mobile – – over 50 percent of traffic is mobile these days. So, there are increasing attacks there.  

“We realized this was the right thing to do, that we commit to keeping people safe in their daily lives from crime and we should want to bring that same commitment to protecting New Yorkers into cyberspace. 

“We figured out we need to do it in a way that reflected their values and preserved individual privacy and the NYC Secure initiative and the NYC  Secure app is what came out of it.”

Doug: 

“My CIO actually went to New York and saw Mitch’s project out there and that is how we got involved in looking at protecting the devices. 

“The folks using our Wi-Fi on the buses are not the most sophisticated users. They are low-income. They do not have their own data plans and don’t necessarily have a carrier helping to protect their device. 

“They rely heavily on various forms of public Wi-Fi to communicate. Some have older devices. They are cheaper devices. They do not necessarily keep them up-to-date. 

“Basically, as long as they can access Wi-Fi and there are a number of apps they can download and use, they are able to communicate. It was a pretty big, challenging environment. One of the things that we really wanted to do was keep it as simple as possible. 

“When people transfer from one vehicle to another – there are hundreds of thousands of transfers in a given day – their phone will automatically re-login to the new Wi-Fi network, when they board a new vehicle. However, that causes a bit of a problem because now you have individuals who will try to spoof the network, to access a million plus riders here in Los Angeles.” 

Should cities protect their citizens?

Jayson: 

“When the pandemic started, for those with the ability to work at home, they were now relying on networks they typically reserved for play or entertainment. Further, as they started doing that, K-12 and higher education started going completely online, that happened back in April and May. 

“As we came into August this year, a lot of the universities made the decision to go fully online. Some like Central Michigan University have students on campus but most of their classes are online. 

“We need to figure out how we make sure we use trusted Wi-Fi networks. For example, my wife and girls may go shopping for shoes at a local retailer. While they are there, they jump on Wi-Fi for free while shopping for shoes and are buying other things while on that network. I can tell you this, because they come home and I ask if they bought other clothes on their mobile devices while shopping for shoes. I ask if they use their credit cards. Of course the answer is ‘Well, yeah.’

“I think the reality for most of our constituents is that this isn’t top of mind for them. We need to give them a tool or a way that they can put on the digital mask to protect each other.” 

Issues and challenges

Mitch: 

“This is also an equity issue. Not everyone has access to their corporate account, a secure corporate environment or certain protections as mentioned through their provider. In fact, something like 17 percent of Americans have smartphones only. I think it goes much higher if you look at some equity issues that are particularly around low-income individuals or folks who are in lower income brackets. 

“Our vision is for New York to be the most cyber resilient city in the world and to achieve that vision, it means giving everyone the tools they need to do what is necessary to protect themselves. Sometimes it is about giving them the things to recognize that, that might not be a link to NYC Wi-Fi, that might be someone down the street. 

‘The reality is, not everyone has access to security measures and NYC Secure is a very simple tool that they can use for security while maintaining their privacy. 

‘During this time of COVID in particular, there have been malicious attempts at applications that mimic the sort of things that we would expect from a tracing app, those have been passed via email or phishing attempts. I think providing this basic security to folks is something we see as protecting everyone, all New York.”

Doug: 

‘We discovered that we had a huge number of kids using Wi-Fi, believe it or not, to do their homework on their way to school because they did not do it the night before. They were taking advantage of the fact that they had Wi-Fi on the buses to do their homework. 

‘But again, you have got a very unsophisticated audience there and it can easily be fooled into things.

“One of the things we specified on a login page, in the terms and conditions page before you go to an active portal, was that we wanted to indicate  that we were not tracking their device. That is a big deal here. A lot of people are riding the buses. We really want to know where they are going, that is very helpful to us to understand the ridership patterns, but people do not like to be individually tracked, especially a number of individuals and the lower-income group.”

User privacy

Jayson: 

‘We are evaluating opportunities to make this available to the citizens of Michigan. One of the most important facets of that would be that the tool does not retain or send back or keep any information about the citizen. 

“Can it protect me from mobile malware? Can it tell me where solid safe networks are? Can it help me protect against phishing attacks? And can it do all of that and not send any of my data back to a monitoring device or spy on itself? I think those are the real critical aspects of this entire area that we are looking into.”

Mitch: 

“There is a lot of really interesting data we could have gotten if we decided to take that in. It would be fascinating data and helpful data, but the reality is no one, no New Yorker probably really wants an organization called New York City Cyber Command taking their data off their phone and frankly, we do not want that to be. 

“We want to provide the tools without people questioning our motives. To put a very fine point on it, the city sees nothing. If you choose to download and install the app, we will not be able to see information about you on your mobile device. There is a strict privacy policy and technical controls to ensure the privacy is respected. 

“New York City was hit hard during this global pandemic. As part of our own response in trying to do things to help our citizens, we put out advice to small and medium-sized businesses on working from home. I think people think of New York and they think of big buildings, but the reality is there are a quarter million small and medium-sized businesses in New York –  from that one guy working alone to a small group of people who are doing something like a small startup. 

“We put working from home guidance out for small businesses. These were kind of very broad but one of them was, if you do not have mobile security you should be looking at the NYC Secure app because people out there who are doing everything from deliveries to running a small business, who may have had a small stand before but are trying to find out new ways to get their products out there. So, you never know why you need mobile security necessarily, but it is always going to be people who need it and we were happy to be able to do it for New Yorkers during this time.”

Contact us

For more information on how we can help secure the citizens in your area, please contact us.

Previous Zimperium Mobile Security Blog PostPrevious Zimperium Mobile Security Blog Post Zimperium Names Proven Finance and Operations Leader, Brian Szeto, Chief Financial Officer

Why Leading Cities and States Should be Protecting ‘Digital Citizens’ from Mobile Threats

Source

In a Sign of the Importance of Fintech, Switzerland Finance Minister Ueli Maurer to Address Singapore Fintech Festival

by

Switzerland has emerged as a Fintech friendly jurisdiction and home to many blockchain-focused financial services firms. The country  has long been an important banking center and the Swiss government is keen to maintain its status in a world that is going through a digital transformation.

In a sign of the importance of Fintech, Switzerland Finance Minister (Federal Department of Finance) Ueli Maurer will lead the Swiss participation in the forthcoming Singapore Fintech Festival, sponsored by the Monetary Authority of Singapore, that is scheduled to take place next month.

Switzerland Global Enterprise (S-GE) and the Swiss Business Hub ASEAN say that Asia remains an important market for the organization’s clients, internationally oriented Swiss SMEs. S-GE is the official Swiss organization for export and investment promotion supporting Swiss SMEs in their international business and helps innovative foreign companies to settle in Switzerland.

A Swiss delegation will again be present at this year’s Singapore Fintech Festival 2020 with a digital Swiss Pavilion. The goal of S-GE is to enable Swiss and Lichtenstein SMEs to realize their international business potential in new and existing markets. Singapore is, of course, a top Asian Fintech hub.

Maurer will lead the Swiss participation with a keynote speech titled “Fintech, Sustainable Finance and Innovation” followed by a panel discussion on the strengths of the Swiss financial center that includes the participation of: Thomas Gottstein, CEO Credit Suisse Group AG; M Ralph Hamers, CEO UBS AG, and Herbert J. Scheidt, President of the Swiss Bankers Association presenting their views. This session will be telecast “live” from the SIX Convention Point in Zurich on 7 December (5 pm SGT).

Registration for the Swiss satellite event can be completed here and is free to the public.

According to S-GE, seven Swiss Fintech companies will highlight their strengths in financial services technologies including regulation technology (Regtech), blockchain solutions, big data and analytics, algorithm trading and cybersecurity. The event presents an opportunity for Swiss Fintechs and their interested stakeholders in Asia to connect and build business linkages in a seamless manner.

The Swiss Fintech industry is said to be highly interested in Singapore, which is seen as a gateway into Asia. Interest in garnering a greater presence in Singapore arises from the Switzerland’s Fintech cooperation framework and agreements with ASEAN, China, India, Japan, and South Korea.

H.E. Fabrice Filliez, Ambassador of Switzerland to Singapore, says:

“The participation of the Swiss Pavilion at the annual Singapore Fintech Festival is an anchor initiative. In 2020, the participating companies will reflect the robustness of the Swiss finance ecosystem, paving the way for collaborations and partnerships in co-innovation and fresh ventures. With Singapore being Switzerland’s most important trading partner in Asia, Swiss fintech companies view the republic as an important gateway to the wider Asian economic region.”

Source

Hong Kong Crypto Platform Crypto.com Releases Polish Version of Mobile App & Exchange

by

Just days after announcing the Turkish version of its mobile crypto app and exchange, Hong Kong-based Crypto.com announced the platform’s Polish version. With the Turkish and Polish version platform will now support French, Spanish, Korean, Italian, Portuguese, and Chinese.

As previously reported, Crypto.com serves more than three million customers by providing them with an alternative to traditional financial services through the Crypto.com App, the Crypto.com Card, and the Crypto.com Exchange.

At Crypto.com, we are on a mission to accelerate the world’s transition to cryptocurrency.

The Polish language version of the Crypto.com App and Exchange can be accessed by:

  • Selecting Polski in Settings > Language on the Crypto.com App, or
  • Selecting Polski on the top right-hand corner of the Crypto.com Exchange.

Crypto also recently announced it secured an Adaptive (Tier 4) rating from the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework, developed by the US Department of Commerce. The crypto portal claims that it is the first cryptocurrency company to achieve this level with the NIST and the privacy network. The NIST Cybersecurity Framework notably provides a framework of security guidance for how private sector organizations can develop, assess and improve their ability to identify, protect, detect, respond and recover from cyber-attacks. Kris Marszalek, Co-Founder and CEO of Crypto.com, commented on the milestone by stating:

“Achieving the highest maturity level based on the NIST Frameworks speaks volumes to our commitment to security and privacy, which have been cornerstones of our business since day one. Having recently surpassed 5 million users,  we will continue investing aggressively in technology and process that maintains the highest standards of security and privacy in the industry.”

Source