WELCOME TO THE INDIANA CYBER HUB BLOG

The Indiana Cyber Hub Blog is your all-new, online resource featuring helpful advice and guidance from the Hoosier State's Cybersecurity Program Director, along with the perspectives of a wide range of cyber industry experts.

SMART GLASSES: INNOVATION VS. INVASION

Wednesday, August 6, 2025

PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name “Perspectives from the Campus”: we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In today’s blog, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, takes a look through the lenses of today’s smart glasses to share his perspective on what we’re seeing – both in terms of the innovation it represents, as well as the potential for what it means when it comes to our privacy and for those who we’re looking at.

By David Dungan

Smart glasses are a breakthrough in wearable technology, adding visual elements for the wearer without distorting their vision or their interaction with the world.

With Meta AI glasses, made in collaboration with Ray-Ban, users can access their camera, record audio, and use artificial intelligence (AI) in a more convenient manner than smartphones. And it’s not just Meta that offers these types of smart glasses; other brands include Xreal, Viture, Solos, RayNeo, and Amazon Echo Frames. These alternatives also offer features like integrated cameras, open-ear audio, and AI assistants, often with different design aesthetics and focus areas.

However, as their popularity increases and more people purchase them, the question of how they might affect someone’s personal and public safety becomes more prevalent.

A major concern with smart glasses starts with the built-in camera and microphone, which are always on and listening for the cue. Because of this, the features also affect people who aren’t wearing the glasses, especially if they’re unaware that the glasses are being used to record them. And while it’s true smart glasses could be useful in a courtroom, recording other people without their permission or knowledge can be tricky, especially depending on where you are when it happens. In particular, it could enable a person to engage in doxing or stalking, or to collect identifying information on unsuspecting people (for example, their addresses, classes, schedule, etc.).

Similar to dash cams that are used by drivers, being able to always record something that’s taking place in front of you might help to deter or discourage someone from engaging in unsafe driving/behavior, theft, or withholding information/evidence.

Conversely, it could be used, potentially, to help create safer environments while ensuring a greater measure of accountability. In medical settings, wearable technology provides real-time health monitoring, support, and emergency alerts. In providing hands-free access, it could help in facilitating telemedicine, allowing for remote consultations and diagnoses.

What’s more, cloud storage introduces vulnerabilities and data risks. For its part, Meta attempts to combat safety concerns by adding a small blinking LED light to indicate that it’s recording. However, that feature could be unclear to the people around the wearer and may not adequately inform those who are engaged in a conversation. Additionally, the battery life might not be sufficient for all-day use, and some users report issues with the frame build quality and audio quality in louder environments.

As it is whenever a new form of technology is developed or a product is brought to market, there is a responsibility not only with the manufacturer, but also with each of us, in how we use it. There’s no doubt that smart glasses offer convenience and protection, and their features will continue to evolve at a rapid rate.

As they do, we will do well to keep in mind, as much as possible, the ethical considerations that come with anything that contributes to the collective progress we achieve as a part of our everyday life. And that includes using products in a way that’s not only responsible, but also safe and secure.

WORLD WIDE WEB DAY – IT’S STILL A THING

Wednesday, July 30, 2025

When you hear someone refer to the Internet as the World Wide Web (WWW), what comes to mind?

Perhaps, you’re laughing at your Mom or Dad because you’re 23 years old and hearing them talk about what it was like when yahoo.com was, actually, a big deal, is kind of hilarious. Or, maybe, the term “webmaster” – once used to describe someone who created every bit of a website – is a term that’s all but disappeared.

All kidding aside, regardless of your age or generation, or how you might be using technology when you’re online, the World Wide Web is a permanent part of our society. What’s more, it’s intertwined in, seemingly, every aspect of our everyday life. Maybe that’s why later this week, on Friday, August 1st, we will again celebrate World Wide Web Day.

Of course, before we begin the celebration, it’s important to keep in mind that whenever someone uses the words “internet” and “web” interchangeably, a computer scientist might be tempted to take off their lab coat and throw it in the air like Bobby Knight once did with a chair.

You see, the internet was first conceived in 1969, and it refers to the system of networked computers which makes things like web browsers, web pages, and other applications possible. It would be two decades later, in March, 1989, before Sir Tim Berners-Lee would submit his first proposal for what would become the World Wide Web.

With the help of Robert Cailliau, a Belgian informatics engineer and computer scientist, they developed the HyperText Transfer Protocol (HTTP) and set it up for release in early 1992. Interestingly, the World Wide Web was not initially intended for use by the public and was devised, instead, to be utilized by physicists to share data.

Yet, it would be just two years later, in April, 1993, that the Web was put into the public domain, ensuring its place as an open standard. And by year’s end, there would be more than 500 known web servers and the WWW accounted for one percent of Internet traffic. By December, 1994, the number of servers had grown to 10,000. With 10 million users, the Web traffic was equivalent to shipping the collected works of Shakespeare every second.

How does that compare to today?

Given the fact that any server that uses software that communicates with hardware, whether supplied by cloud computing providers or small organizations, can be classified as an online server, it’s virtually impossible to pinpoint just how many web servers are in operation. By one estimate, Data Center Trends once believed there were more than 100 million servers around the globe, with many of those being on the internet because they handle HTTP requests, DNS logs, and IP address authentications.

Regardless, it’s safe to say that there exists a mountainous amount of data that we’ve created. In fact, the amount of data generated worldwide soared from 2 zettabytes (ZB) in 2010 to a whopping 64.2 ZB in 2020 — which is more than the number of detectable stars in the cosmos.

Data creation is predicted to reach 181 ZB by 2025 (that’s 21 zeroes). And in case you’re wondering, a zettabyte is a unit of digital information equal to one trillion gigabytes.

Now that you might be feeling more than a little overwhelmed by all these numbers and bits of data, there are three things you can do to have some fun on World Wide Web Day including:

  • Search the web - What other way to celebrate World Wide Web Day than by searching the web? Use this occasion to check out different sites and give in to the power of the web.
  • Listen to a podcast - Look, there was no such thing as podcasts before the WWW and the internet entered our lives. So, just do what any millennial would do and instead of watching a typical documentary, tune into a podcast.
  • Make your presence known on social media - Without the World Wide Web, there would be no social media. What better way than to thank the person who created the WWW by posting photos, statuses, and blogs on social media platforms. It’s the one time, you might say, that it’s OK to stay online all day and no one will judge you!

If nothing else, it gives us all an opportunity to revisit a time when we were surfing the Web while, at the same time, celebrating the fact that we’re not having to dial up a connection on our 56k modem!

CELL PHONE COURTESY IS A WHOLE NEW BALLGAME

Wednesday, July 23, 2025

When it comes to cybersecurity, we’re often reminded to be kind when we’re online.

The same is true when we’re on our cell phones (or mobile devices). Maybe that’s why, this month, July is National Cell Phone Courtesy Month.

Reminding ourselves that it’s a good idea to be courteous when we’re on the phone is occurring at an interesting time, in that we’ve benefitted from all of the seemingly endless advancements in technology that have turned our phones into something that, at times, we use for everything but to make a call.

Because of this, it’s so much more than about our manners. As never before, phone scams are evolving with the help of artificial intelligence (AI), with sophisticated schemes that have resulted in phishing emails, deep fake videos, and fake voices that mimic real people and organizations that, up until now, we’ve had no reason not to trust. To say that they’re convincing would be an understatement (be sure to check out the timeline of some of the more notable deep fakes).

Robocalls continue to be a significant problem, with billions of calls received by Americans each month. While the Federal Trade Commission (FTC) estimates that scam calls decreased by almost nine percent in April, the financial damage from these calls remains considerable, with millions of dollars lost each quarter. In fact, the increase in the volume of calls reached its highest level since August 2023.

Vishing, or voice phishing, is another significant threat in 2025, with ongoing increases in both the number of attacks and the financial losses they cause. In 2023, vishing incidents rose by 30 percent, with 68.4 million Americans falling victim, according to the GSMA. One study indicated a 442 percent increase in vishing incidents in 2024, reports IBM citing CrowdStrike. This upward trend is expected to continue, with attackers increasingly focusing on bypassing security measures and exploiting human vulnerabilities to successfully carry out attacks.

The FTC estimates that consumers lost $280 million to phone scams in the first quarter of 2025, a figure that translates to roughly 15 cents lost per scam call, according to YouMail. Additionally, a survey from Experian indicates that 21 percent of Americans have lost money to text message scams. When it comes to reporting these crimes, statistically, women acknowledge they are being scammed more often while men tend to lose more money on average.

To help avoid trouble, there are several steps you can take to help make sure the calls you’re receiving are not only more courteous, but could save you money while, at the same time, protecting your identity, including:

  • Be skeptical of unsolicited calls and messages. It’s OK to trust your instincts.
  • Do not click on links from unknown senders.
  • Consider using call-screening apps and services that allow you to block or filter unwanted calls.
  • Report scams to the FTC at ReportFraud.ftc.gov.
  • Register your number with the National Do Not Call Registry (though this may not stop all robocalls).

Here in Indiana, if you suspect that you’re the victim of a scam, visit the Report A Cyber Incident page on the Indiana Cyber Hub website. And whether you’re reporting it as an individual or as a business owner, there are free resources you can access that’ll take you through the process and connect you with law enforcement and the appropriate authorities. Reporting a cyber crime or incident could also help others avoid being impacted.

In addition to being more secure whenever we’re on our phones, National Cell Phone Courtesy Month is a great time to take a page from Major League Baseball’s Home Run Derby and knock one out of the park by practicing good habits and being considerate to our family, friends, and co-workers whenever we reach for our cell phone!

AI AND PRIVACY – WHAT ARE YOU SHARING WITH AI?

Friday, July 18, 2025

PERSPECTIVES FROM THE CAMPUS

In today’s blog, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, examines the balance between using Artificial Intelligence (AI) and its many potential benefits with making sure we adequately protect ourselves when it comes to our privacy.

By David Dungan

Artificial Intelligence (AI) is one of the most impactful contributions in modern technology to date. And yet, for all of the advancements it could and does represent, it is very much a work in progress.

Of course, inasmuch as we’re beginning to use it for a variety of purposes, including, but not limited to, our work, personal advice, translating languages, research, and simply asking random questions, AI is still very new with very little restriction and monitoring.

The U.S. government has yet to implement new nationwide AI and data privacy laws. There are some fragmented policies and a blueprint for an AI Bill of Rights is being developed. However, as all of this unfolds and, arguably, begins to take shape, it is necessary to understand the importance of protecting yourself online in an age where everything is online.

While AI can be an incredibly useful tool, it has the potential to collect all of the data you provide. Not all AI engineers may follow the best practices or industry standards when it comes to protecting private data, and AI can be programmed to remember anything you might tell it, including passwords, IP addresses, phone numbers, family names, the addresses of your home or office, even faces from the images (featuring all of us).

This all can lead to a potentially very dangerous leak, as collecting this data allows for potential cybercrimes like spear-phishing or AI plugins, which can be used to commit theft or fraud. You can always change your password if this occurs, but you cannot take back any information that you give to AI. That being said, until it becomes more regulated and safeguarded, all of us need to be aware of the steps we need to follow to protect ourselves from cyber threats.

Here are some ways to keep your data private:

  • Understand the technology and its privacy policy or policies
  • Avoid entering private information (known only to you)
  • Use strong passwords for sensitive data
  • Utilize a strong antivirus to protect against malicious programs
  • Use two-factor authentication

Understanding AI, and any website or app you are trying to use, is crucial to keeping yourself safe; knowing how it works and what its privacy policy is can help you better understand why it does certain things. A privacy policy is especially important: it details how the AI uses your data. Using strong passwords and not revealing private information not only helps you avoid trouble with hackers, but also guards against password leaks. If the AI doesn’t have your personal information, there is nothing to find. Finally, having a strong antivirus and using two-factor authentication is, consistently, the best way to secure and protect yourself online in the event there’s a breach.

Ultimately, AI is a tool that needs to be used with care. Any time you share personal information, you risk your safety and privacy, especially given the fact that your data isn’t always being stored and used in ways you would expect. Use it with caution and respect and you will reap many of the benefits that can come from using AI while, at the same time, avoiding some of the consequences that can come from being online (in any form). The more you understand about AI, the more control you’ll have over your privacy.

NATIONAL ARTIFICIAL INTELLIGENCE DAY: NOT EXACTLY ‘NEW’ TECHNOLOGY THAT’S HERE TO STAY

Wednesday, July 16, 2025

In case you missed it (or ChatGPT didn’t generate the answer for you), today, July 16th, is National Artificial Intelligence (AI) Day!

In this space, we do our best to share with you the latest information about what’s happening in cyberspace – everything from the latest best practices, free resources and tips to the knowledge and expertise from recognized experts to provide their guidance in a way that’s intended to protect all of us.

That being said, there are few topics related to cybersecurity that have generated more attention, excitement and concern than AI and its tech savvy mechanism, you might say, machine learning.

Yet, for all of the talk about just how rapidly AI is advancing, it’s been around longer than people realize.

In fact, the idea of AI started in 1950 when Alan Turing published "Computing Machinery and Intelligence" and presented the question of whether a machine could "think for itself." Not long after that, in 1956, John McCarthy coined the term "artificial intelligence" while at the Dartmouth Summer Research Project on Artificial Intelligence. McCarthy, along with several other researchers interested in the project, gathered to create systems that could mimic the thought process of humans, including solving problems and improving learning. The research project brought together some of the brightest minds in computing and cognitive science at the time.

There was a period in the 1970s and 1980s where AI advancements were stagnant due to limited advancements in computing power. However, increased data, more powerful hardware, and advanced algorithmic approaches have brought AI to the forefront to where it is today. The development of large language models like Gemini and ChatGPT in the 2020s marked a significant leap, bringing generative AI into the public consciousness and demonstrating AI's incredible potential for creativity and human-like interaction.

Here in Indiana, with cybersecurity and cyber resilience as a priority, AI is beginning to get a good amount of attention, as evidenced by the Hoosier State’s forming of an AI task force and information provided by the Indiana Department of Education that offers an overview of artificial intelligence (AI) in K-12 education. Focused on AI literacy, instruction and learning, impact, security, and resources, the guidance emphasizes the importance of responsible AI use, critical thinking, and preparing students for an AI-driven future while providing practical guidance for educators and school leaders.

Amid the progress that’s being made statewide and across the country, it’s important to keep in mind that one of the most significant benefits that AI offers is that it is constantly evolving through user interaction. In doing so, that interaction contributes to increasing the intelligence of the AI platform, which is beneficial for increased efficiency and automation for the user because each AI platform has its strengths and unique characteristics. Because of that, AI powers personalized recommendations and adapts to learning the user's needs, customizing their experiences.

Conversely, for all the benefits AI offers, it is certainly not without its challenges and concerns. For instance, in a report by Pew Research, 52 percent of Americans say they feel more concerned than excited about the increased use of AI. And just 10 percent say they are more excited than concerned, while 36 percent say they feel an equal mix of these emotions.

The share of Americans who are mostly concerned about AI in daily life is up 14 percentage points since December 2022, when 38 percent expressed this view.

As with any new technology, it’s safe to say that AI and machine learning are taking a permanent place in our digital lives. The impact that will come, as it progresses, is still, arguably, in our hands, as is the ability to embrace its benefits and the outcomes – for good – that it can provide for all of us.

National Video Game Day: Securely Press Play, Avoid Online Scams

Tuesday, July 8, 2025

It’s National Video Game Day.

The fact that it’s actually true reveals some interesting numbers about an activity that isn’t just for kids, especially when you consider:

Unfortunately, amid all the fun we’re having with that kind of activity, cybercriminals are using phishing attacks to trick gamers into revealing their personal and financial information and their account credentials using a variety of tactics, including:

  • Impersonation - Scammers pose as game developers, platform providers (like Steam or Roblox), or even popular streamers to gain trust.
  • Fake Offers - They may offer free items, exclusive access, or "beta" testing opportunities to lure players into clicking malicious links or providing information.
  • Account Verification Scams - Scammers may send emails claiming your account needs verification, urging you to click a link that leads to a fake login page.
  • Browser-in-the-Browser Attacks - These attacks create convincing fake browser pop-up windows that mimic legitimate login pages, even displaying the correct URL, to steal credentials.
  • In-Game Scams - Scammers may pose as other players, offering in-game items or upgrades for a fee, then disappear with the money.

Fortunately, just as there are a lot of strategies we can use to win the game we’re playing, there are some steps you can take to protect yourself when you’re online, including:

  • Be Skeptical - Question any unsolicited emails, messages, or offers, especially if they seem too good to be true.
  • Verify Links - Be sure to carefully examine the sender's email address and the URL of any links before clicking. Look for misspellings, unusual characters, or different domain names.
  • Use Strong Passwords and Multi-Factor Authentication - Create strong, unique passwords for your gaming accounts and enable multi-factor authentication whenever possible.
  • Stay Updated - Keep your gaming platform's software and your operating system up to date with the latest security patches.
  • Report Suspicious Activity - Report phishing attempts to the gaming platform or service provider and warn your gaming community.
  • Be Cautious with Information - Avoid sharing personal information like your address, phone number, or date of birth in public forums or chat.
  • Educate Yourself - Stay informed about the latest phishing tactics and security best practices.

Regardless of the type of gaming you’re into, you just want to have fun, right? Yet, as we’ve learned with everything else we do online, there are risks, even if we think we’re going up against our friends, turning back the clock to play a game of Donkey Kong, or dusting off our ATARI Home Pong console for some (now) vintage video gaming.

Even with that, you don’t have to use any cheat codes to keep your gaming experiences safe and secure. Instead, be sure to stick to the best practices that are recommended and just as you would when you’re in the game, trust your instincts to make sure it’s “game over” for any would-be cybercriminals or scammers.

PHISHING ATTACKS – WHAT YOU NEED TO KNOW TO AVOID GETTING REELED IN

Wednesday, July 2, 2025

PERSPECTIVES FROM THE CAMPUS

In today’s blog, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses some of the steps all of us can take to avoid being the victim of a phishing attack. He’ll also examine the different types of attacks that cybercriminals are using and why it’s important for us to keep in mind that there are a few things we shouldn’t do when it comes to protecting our personal and financial information.

By David Dungan

In 2000, there were approximately 361 million people with internet access worldwide; a figure that accounted for roughly six percent of the global population.

Fast forward a quarter century and that number has increased (extra) exponentially, you might say, to 5.64 billion people, a more than ten-fold increase that represents 68.7 percent of the world’s population.

Of course, just as we’ve gone from accessing the internet to relying on it to help guide a lot (more) of us through many aspects of our daily life, it’s safe to say that the sophistication and frequency of phishing attacks have increased rapidly. So much so, that 1.2 percent of all emails sent are malicious. And, if that doesn’t seem like a lot, it adds up to 3.4 billion phishing emails every day.

Generally speaking, phishing attacks are used to gain login access by taking up a different identity and pressuring the victim; a scam that is engineered either by eliciting someone’s trust or generating fear by applying undue pressure. Phishing attacks are also designed to gain access to entire enterprise networks simply by stealing the personal information of a single user.

In addition to fraudulent emails, these attacks occur using text messages, and even apps like Microsoft Teams or WhatsApp to trick users into revealing their information. It is essential to understand how to mitigate phishing attacks, as we’ve come to realize, collectively, that they’re not going away. That’s both because of reasons related to human nature and the rapid rate at which technologies are being created.

Some of the more common types of phishing attacks include:

  • Email phishing
  • Malware phishing
  • Spear phishing

Phishing attacks can be difficult to detect and combat, so knowing how to avoid a potential attack is important. There are a couple of best practices that users can follow to reduce the chances of being attacked. The best anti-phishing practices include strong multi-factor authentication, awareness of what phishing attacks are in our educational systems and news, setting up internal email protection, and enabling database shutdown features for company systems. Additionally, making sure the spam filter is activated can help as well. These methods can go a long way toward measurably reducing the likelihood of a phishing attack.

Users also need to know common phishing tactics that attackers use to gain victims' trust, including:

  • Emotional manipulation
  • False Trust
  • Perception of Need

When it comes to phishing attacks, knowing what not to do is just as important as knowing what to do. For example, over-reliance on software could result in users who don't know how to properly respond when a threat happens. Never assume that your security knowledge is perfect. There is always something new to learn. Secondly, be sure not to leave inactive accounts open. Attackers target these accounts as a pivot point to gain trust quickly when gaining access to another account. Alternatively, if you are a business owner, ensure you close the accounts of previous employees or vendors that you no longer work with, as their accounts can be used for the attacker's benefit as well.

As phishing attacks evolve, the best protection is a combination of smart habits, utilizing and orienting everyday tools that we already have to behave more securely, and having constant awareness that computer risks in general are ever evolving. Staying informed, cautious, and consistent is key to keeping yourself and your loved ones safe.

National Barcode Day: Cybersecurity Is Changing the Way We Scan

Wednesday, June 25, 2025

A package of chewing gum.

Fifty-one years ago this week, a 10-pack of Wrigley’s Juicy Fruit Gum, sold at a Marsh Supermarket grocery store in Troy, Ohio, was the first retail item scanned with packaging that featured the black and white stripes of what we now know as a Universal Product Code (UPC).

It’s from that little bit of history, you might say, that we’ve come to celebrate National Barcode Day. With it, of course, we’ve gained the convenience of scanning our own items, but it’s also provided cybercriminals and people engaged in what is known as Organized Retail Theft (ORT) with an unprecedented opportunity to disguise all kinds of mayhem and malware in barcodes and, more recently, QR codes.

Broadly defined, there are five types of retail-related crimes that are trending, including:

  • Using stolen or cloned credit cards to obtain merchandise
  • Changing bar codes to pay lower prices
  • Returning stolen merchandise to obtain cash, gift cards, and/or store credit
  • Reselling merchandise using:
    • Online auction sites
    • Flea markets
    • Retailers
    • Pawn shops
    • E-commerce marketplaces
  • Gift card theft/altering gift cards to steal the funds added to the cards when they are later purchased by legitimate shoppers

At the same time, barcode theft occurs primarily in two ways:

  • Barcode swapping, also known as “price switching,” refers to a method of retail theft where a customer attaches a barcode from a cheaper item to a more expensive one; it’s a crime that has been occurring more frequently at self-checkout kiosks, where employees may not be closely monitoring each transaction.
  • QR code theft, also known as quishing, in a retail setting is not done through a physical theft of the code itself, but by using QR codes to redirect shoppers to fraudulent websites designed to steal their personal information or financial data.

Criminals will create fake QR codes that appear to be legitimate, and they place them on packaging, in-store displays, or even on top of existing QR codes. Some of the situations are simpler, such as placing a fake menu on a restaurant table or a fraudulent payment link at a parking meter.

As with a lot of online fraud, there are steps you can take to avoid being scammed, including:

  • Being cautious and making sure that you don’t scan codes you weren’t expecting or that look out of place.
  • Looking for signs of tampering, such as stickers, overlays, or misspellings in the URL the code leads to.

It’s a good idea, too, to verify the website address carefully after scanning it, making sure it is the legitimate site you’re expecting to visit. And instead of scanning QR codes to download apps, use the app store for your device.

As always, if you encounter a fraudulent QR code, or you’re at a retail store and you believe that the UPC code is not the correct one for that product, be sure to bring it to the attention of the business owner or the authorities to help prevent others from falling victim to the scam.

There are a lot of trusted sources out there with additional information to help you stay safe when it comes to checking a price or downloading a QR code for that “free trial” that was featured last week during a broadcast of the NBA Finals. (Spoiler alert: it was an offer to try out YouTube TV and it was legit).

There’s a popular phrase I’ve heard some people say – before heading out to their favorite store – that “you don’t know what you need, until you look” (or, in this case, shop). And while that may be true or, at the very least, should be considered good advice, you’ll want to make sure your experience with QR codes and barcodes is a memorable one, whether you’re buying a cool new stereo speaker or a pack of gum. Here’s hoping you can scan fearlessly!

June is Internet Safety Month: A Summertime Activity For All of Us

Wednesday, June 18, 2025

Summer is an interesting time of year.

We spend, at least, some of the time trying to take advantage of the warmer weather to get away on vacation. And, of course, we hope that the weather – when we arrive at our destination – is nicer than it is at home, right?

Or, maybe, we decide to stick closer to home and do some summer cleaning, mostly by closing our eyes and getting rid of some of the stuff we know is cluttering up our closet or garage. Yet another option is to get out in the yard and plant some flowers or take care of the garden. In fact, there are some people who will tell you that digging in the dirt is their therapy!

So, you might ask, what does any of this have to do with cybersecurity?

In Salem, Indiana, and all over the country, June is National Internet Safety Month!

Established by the U.S. Senate in 2005, it’s focused mostly on families and kids (of all ages). With school out and the opportunity to spend more time together, the intention of Internet Safety Month is to raise our awareness about online safety and remind all of us of the recommended tips and best practices that are out there to protect us from cyber threats and, at the same time, help us make our way more securely through the digital world we live in.

It’s important to keep in mind, according to one recent survey, that, on average, a child in Indiana received his/her first cellphone or mobile device at 10.82 years of age. In the same study, when parents in Indiana were asked at what age they wish they had given their child a cell phone, the answer was 12.18 years old. That’s a key factor when you consider that by the age of 12, 50 percent of all children have social media accounts, primarily on Facebook and Instagram.

That being said, in today’s ever-changing world, there are plenty of things we can do this week and this month (and year-round) to celebrate our Internet safety, including these 10 helpful tips from the National Cybersecurity Alliance, such as:

Of course, because it’s summer, we’re mobile and whether we’re meeting up with our friends for lunch or we’re on the road, there are a few steps you’ll want to follow that’ll add to our own personal cybersecurity, including:

  • Actively manage location services. As great as some of these features are, they can expose where you are (as in, not at home), even through your photos. Be sure to turn those services off when you’re not using them.
  • Avoid sharing personal information or making any purchases on unsecure networks (think free or public Wi-Fi). Instead, use a virtual private network (VPN) or use your phone as a personal hotspot to surf the Internet more securely.
  • Share with care – always think twice before posting any pictures or any content that you would not want to go public or, worse, viral.

Now that you’ve got a few more things to add to your summer “to do” list, have fun and for the latest resources when it comes to enhancing your cybersecurity awareness, visit the Indiana Cyber Hub website and enjoy your summer!

CYBER HYGIENE: DIAGNOSIS FOR SAFEGUARDING OUR HEALTH

Friday, June 13, 2025

PERSPECTIVES FROM THE CAMPUS

In today’s fourth and final part of our “cyber impact” blog series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, explores one of the most sensitive aspects of our life – our health care.

He examines the challenges that hospitals and health care providers and practitioners – of every size – are dealing with as a way to deliver all of us a compassionate level of care while, at the same time, safeguarding not only our personal information and medical records, but also the instruments and systems they rely on to keep us healthy.    

By David Dungan

In today’s high-tech healthcare environment, connected medical devices have transformed patient care, but they’ve also introduced a new and dangerous threat - cyberattacks.

As hospitals, as well as healthcare providers and practitioners, increasingly rely on networked devices, understanding the risks of hackable medical equipment is more critical than ever.

A prime example of this is the integration between medical devices and clinical systems. However, this connectivity also exposes medical devices to greater cybersecurity risks. As medical devices, software, and operating systems become more interconnected within healthcare environments, managing and securing these complex systems becomes an increasingly difficult and complex challenge.

Given this, it is essential to understand that medical devices are vulnerable to a range of cyberattacks such as ransomware, man-in-the-middle (MitM) attacks, denial-of-service (DoS) attacks, and unauthorized access, which could lead to disrupted care, data breaches, or even the loss of life, if their security is compromised. Fortunately, there are several steps that can be taken by the hospitals and healthcare providers to help reduce these risks, such as regularly updating device software, conducting security audits, and choosing vendors that prioritize cybersecurity.

Just as we’ve seen a rapid increase in the interconnectivity of medical devices, so, too, have we seen the emergence of several critical vulnerabilities that can directly impact patient safety.

Some of the more vulnerable devices include:

  • Hospital networking equipment (such as routers, switches, and wireless access points)
  • Surgical robots
  • Insulin pumps
  • Patient monitors
  • MRI machines

Many hospital networks run legacy or end-of-life systems, leaving them vulnerable to a variety of potential attacks. Threat actors can remotely gain control of the movements of surgical robots, which could have significant consequences. Fortunately, cyberattacks on pacemakers are extremely rare, and usually require physical access; however, they have been vulnerable to wireless signal interception.

Insulin pumps can be safely controlled remotely, and dose information or instructions are transferred in plain text. However, any changes in the insulin dosage could result in hypo- or hyperglycemia. MRI results can also be intercepted and altered. Medical machines may fall victim to wider-scale attacks on hospital networks. Many times, once one device is infected with malware or ransomware, the attack can be replicated through other similar devices throughout the network. Different devices and functions of the hospital may be impacted by downtime from a chain of devices or even a single device.

In conclusion, the growing reliance on connected medical technologies demands a proactive approach to cybersecurity. Without strong safeguards, the very systems designed to save lives may become tools that could compromise our, otherwise, good health.

For example, should an MRI image be compromised and modified by an attacker, the entire treatment plan for that patient could be drastically different than what is needed in reality. Situations such as this underscore the urgency for more robust security measures to protect patients’ data and their quality of life.

To proactively defend against cyberattacks and cyber incidents, hospitals, providers, and practitioners are advised to adhere to cybersecurity standards and best practices, particularly as it involves a patient’s privacy with HIPAA, and the requirements involved with HITRUST certification. It’s also a good idea to be sure to develop and maintain a System Security Plan (SSP) and consider joining information-sharing networks like the Health Information Sharing and Analysis Center (H-ISAC).

Here in Indiana, another resource for the health care industry – at all levels – that can be used at no cost is the Healthcare Cyber in a Box 2.1 Toolkit. With materials that are free to download, the Cyber in a Box provides organizations with three levels of expert guidance to help create even more of the systems needed for keeping their operations secure while, at the same time, helping to protect their patients and preserve both their digital, as well as their physical well-being!

CYBER VEHICLE HACKS IMPACT OUR SAFETY ON & OFF THE ROAD

Wednesday, June 11, 2025

PERSPECTIVES FROM THE CAMPUS

In today’s part three of a four-part “cyber impact” blog series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, takes a look under the hood at some of the potential cyber risks that exist with our vehicles – ranging from the key fobs we use and the navigation systems we rely on to what can happen with certain parts in the supply chain (as in before it’s manufactured and we get a chance to drive it off the lot).

He shares his perspective on what we need to look for when buying a new or used car or truck and some of the steps that are being taken to protect us, so we don’t get taken for a ride!

By David Dungan

As cars become more technologically advanced, the potential for cyberattacks on vehicles is rising at a rate that might surprise you.

In 2024, the automobile industry experienced a significant rise in cyberattacks with more than 400 reported incidents recorded, amounting to an increase of 39 percent compared to 2023. And not unlike the damage that occurs with a car crash, the impact of these incidents is devastating, affecting millions of vehicles, fleets, and mobility services. What’s more, the crimes that are committed range from vehicle theft, malware, and location tracking to car system manipulation impacting vehicle control and disrupting a service business to data privacy breaches.

Add to that, with digital dashboards replacing traditional instrument clusters, the advent of self-driving cars, and the growing demand for state-of-the-art electric vehicles, drivers need to be informed of the risks associated with the vehicles we’re driving.

In many passenger vehicles, the most vulnerable components include:

  • Key fobs
  • Embedded vehicle systems
    • Telematics
    • Navigation
    • Infotainment
  • Wi-Fi connections
  • Storage devices

Key Fob Vulnerabilities

Wireless transmissions from vehicle key fobs are susceptible to interception. Threat actors may relay these signals using wireless transmitters and gain unauthorized access to vehicles. With key fobs and a few inexpensive tools, cars can easily be started or hotwired. Key fobs should be stored in safe locations, and drivers should be aware of any suspicious activity occurring near their vehicles.

Embedded System Exploits

Embedded systems, such as infotainment and navigation, are vulnerable to cyberattacks. Threat actors can hijack vehicle location information and access stored data. Mobile devices connected to vehicles via Bluetooth can introduce additional attack vectors. Threat actors can also take over and compromise electronic control units (ECUs), which manage the telematics (vehicle monitoring and automatic safety measures), via connected smartphones. Embedded systems also pose a significant risk through several avenues to vehicles and drivers’ confidential data. For example, attackers may exploit vulnerabilities to manipulate and access sensitive data, like contacts or saved/frequented addresses, without the user being aware of any potential danger.

Supply Chain Risks

Another risk for luxury car models is the supply chain. Tech products produced in Russia and China have caused privacy concerns in some vehicles. According to the US Department of Commerce, vehicles that include Chinese tech products are considered national security risks. Some suppliers ship products that are inherently vulnerable to cyberattacks. Russian state-sponsored attackers have exploited back doors in Automated Driving Systems to control vehicles and their embedded functions remotely. Additionally, Russian products enable data compromise and continuous monitoring of drivers’ information. The Department of Commerce also issued a mandate to restrict the use of Russian and Chinese components in vehicles, with compliance required by 2027.

Cyberattacks: It’s Happened

In 2022, luxury car models from manufacturers including Mercedes-Benz, Porsche, and BMW suffered attacks that enabled remote code execution. Threat actors sent malicious commands to these vehicles to remotely start or stop vehicles, lock and unlock car doors, intercept navigation and location data, and compromise personal information within a vehicle’s storage system. Thankfully, these attacks were identified early through security monitoring. Because of this proactive response, security patches were deployed to ensure the user’s safety and prevent exploitation.

Wi-Fi and Cellular Network Risks

In some instances, in-vehicle Wi-Fi systems have been exploited at close range. Researchers affiliated with the FBI studied several unnamed models of cars over a two-year period and discovered that exploits and remote control of the Electronic Control Unit (ECU) were possible using the car’s Wi-Fi connection from a range of 100 feet. The experiment also showed that vehicles could be compromised through cellular service from anywhere on the carrier’s network.

Because these issues are massive security concerns, vehicle manufacturers have diligently deployed patches. Car owners should regularly check for recalls according to their vehicle identification number (VIN) to keep their systems up-to-date and safe from cyber threats.

NOTE: Be sure to come back and check out Part 4 of our blog series on Friday, June 13th, as David Dungan wraps up our “cyber impact” blog series by exploring one of the most sensitive aspects of our life – our health care. He examines the challenges that hospitals and providers – of every size – are dealing with as a way to provide all of us with a compassionate level of care while, at the same time, safeguarding not only our personal information and medical records, but also the instruments and systems they rely on to keep us healthy.

INTERNET OF THINGS DEVICES: IT’S OK TO UNPLUG – PART TWO OF A FOUR-PART SERIES

Friday, June 6, 2025

PERSPECTIVES FROM THE CAMPUS

In today’s part two of a four-part “cyber impact” blog series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses the impact of the Internet of Things (IoT) devices we’re using and offers his perspective on how we can stay connected while, at the same time, reminding us of the steps we can take to keep a cybercriminal from using the smart controls on our refrigerator to steal our personal data.

By David Dungan

Having the ability to control your fish tank’s thermometer remotely seems like a handy tool with no downsides, right? Well, not exactly.

Because as one very large casino experienced a few years ago, it was that internet-connected thermometer that led to its operations being hacked.

Smart TVs, home assistants, and other Internet of Things (IoT) devices often reach the end-of-life stage, meaning they do not receive updates anymore, without us even realizing it. Around the world, 18.8 billion IoT devices are connected, many of which have reached their end-of-life and are vulnerable to new and existing vulnerabilities. Add to that, recent estimates predict that by year’s end there could be more than 30 billion connected IoT devices globally, with some sources suggesting even higher numbers at 75 billion.

Of course, there have been plenty of other instances involving a myriad of products we use inside our homes that have been compromised or where, because of the access attackers were able to gain, someone’s personal data or financial information has been stolen.

Buffer overflow and denial of service are two examples of some of the most common cyberattacks against home IoT devices. Given this fact, IoT devices may also be vulnerable to other code injection attacks. Some IoT devices should be avoided altogether, whenever possible, while others must be used cautiously. End-users should also determine which devices are genuinely necessary and how much risk is acceptable.

For example, a company may decide not to encrypt non-sensitive public-facing data because the data doesn’t contain personal, financial, or sensitive information. In doing so, it provides a would-be cybercriminal less of an attack surface to use in trying to hack those devices with a ransomware attack.

Some of the more vulnerable home IoT devices include:

  • Smart home assistants
  • Smart TVs
  • Smart plug-ins
  • Media players
  • DVRs
  • Cameras
  • Video doorbells
  • Internet-connected appliances
  • Automated lights, air conditioners, and heaters

For a business, the type of IoT devices that could be compromised encompasses everything from the aforementioned fish tank and the smart coffee machines in the employee break rooms to the automated equipment controls on a company-owned vehicle or piece of machinery.

Essentially, there are two main ways of mitigating the effects of IoT-based attacks: containment and maintenance. The first way of limiting the effect of an attack is to accept the fact that IoT devices are less secure than other devices and it’s best to keep them on their own network. By separating them from the network where your sensitive information is stored, you can reduce the risk of an attack that could, otherwise, result in your device being compromised and your personal and/or financial information being stolen.

The second way of limiting the effect is maintenance. By properly maintaining your IoT devices and ensuring that they are always updated and have the latest patches, you can help in mitigating the likelihood of an attack. This also means that when the devices are considered end-of-life you should either stop using the device or disable its IoT functionality.

Nothing in cyberspace, it seems, is completely safe from being hacked, so it falls to all of us to provide our own line of defense and take the extra (or even the necessary) precautions to secure our IoT devices – including these nine tips as featured in a recent article by Netgear.

For industrial applications, the path to achieving a greater level of security involving IoT devices will also vary depending on the market, segment or business you’re involved in, but it relies on the same principles for educating employees on best practices and proactively managing your assets as a solution for keeping your data and systems secure.

Of course, regardless of the strategy you decide on implementing, just make sure that someone takes a look at the fish tank and, just as you try to do when you’re on vacation, remember that it’s OK to unplug!

NOTE: Be sure to come back and check out Part 3 of our blog series on Wednesday, June 11th, as David Dungan discusses some of the cyber threats involving the vehicles we drive. He’ll look at everything from the potential risks that exist in the supply chain to the key fobs and electronic control modules that we rely on to stay on the road.

CYBER IMPACTS BEGIN WITH OUR CRITICAL INFRASTRUCTURE – A FOUR-PART SERIES

Wednesday, June 4, 2025

PERSPECTIVES FROM THE CAMPUS

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, begins a four-part blog series that will focus on some of the products and sectors that we rely on, as an essential part of our everyday life, that are being targeted by cybercriminals.

In addition to discussing the potential risks and vulnerabilities, David offers his expert perspective regarding the steps that we can take to stay protected. In part one of this series, David examines our U.S. critical infrastructure and the significance of the work that’s being done to help protect everything from our electric power grids and our food supply to the behind-the-scenes systems and data that help in keeping everything working properly.

By David Dungan

The safety and security of our critical infrastructure stretches into every aspect of our daily life.

And, just as the complexity of those systems continues to advance rapidly, thanks to the advancements we’re making in technology, so, too, has the sophistication of the cyberattacks that are occurring, here in the U.S. and abroad. Because of that, companies are beginning to recognize the necessity of making sure that critical patches are made, along with the priority of fixing them to protect against these attacks.

If threat actors attack these vulnerable areas, it can lead to national disruption. Unfortunately, it doesn’t stop there, as a cybercriminal can try to impact food manufacturing, manipulate chemicals used for pesticides, or interrupt our critical communications channels. Any of these scenarios could impact us on a significant level, including our economy.

All told, there are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on our security, national economy and our public health or safety (or any combination involving any of these listed).

Within these sectors, there is a significant portion of our public infrastructure that has been impacted by cyberattacks and cyber incidents, largely because they are considered insecure targets due to limited budgets and less access to the resources needed to protect against more sophisticated attacks. Because of this, these entities are viewed as being more susceptible to a larger financial loss for a variety of reasons.

In 2024, U.S. utilities faced an increase of nearly 70 percent in cyberattacks compared to the same time period in 2023. Tens of thousands of customers were without power due to these attacks. State actors and hacktivists are highly motivated and often target critical infrastructure, especially power grids.

  • For instance, on May 7, 2021, the U.S. had to shut down a gas pipeline that supplied 45% of the fuel used on the East Coast due to a cyberattack.
  • Threat actors write malicious software and firmware in an effort to try and take control of the power grid breaker systems. They can leverage this ability as ransomware, enabling threat actors to demand millions of dollars in ransom payments.
  • One of the key vulnerabilities in critical infrastructure that can occur is when end-of-life of software takes place. End-of-life (EOL) is when an operating system is no longer maintained or supported by the vendor. This means that there are no updates and patches to the system which leaves the critical infrastructure systems exposed. Threat actors will often focus on trying to exploit known vulnerabilities to gain access to a network.

To prepare for these challenges, a recent article in Forbes highlights seven key steps critical infrastructure companies can utilize to help solidify their cyber defenses including:

  • Formulating a cybersecurity program based on risk
  • Investing in the right technological controls
  • Taking account of compliance and regulations
  • Training employees on cyber hygiene
  • Testing and validating defenses regularly
  • Establishing a vendor risk management program
  • Considering cyber insurance

Here in Indiana, a key resource for supporting critical infrastructure owners and operators is the Indiana Information Sharing and Analysis Center (IN-ISAC). Developed by the state and its partners, IN-ISAC was created to mitigate cybersecurity risks among state agencies through the sharing of threat information and collaboration on strategies. It provides real-time network monitoring, vulnerability identification, and threat warnings. Nationwide, multiple states operate ISACs, and all 50 states participate in the non-profit Multi-State ISAC.

It is through channels such as IN-ISAC that critical infrastructure owners and operators are able to gain access to high-level security consulting (at no cost), as well as receive assistance with troubleshooting and identifying the resources they need for incident response/preparedness.

NOTE: Be sure to come back and check out Part 2 of our blog series on Friday, June 6th, as David Dungan takes a look at what is known as the “Internet of Things” (IoT) devices. What are we talking about? Basically, anything you can hook up to an Internet connection (and, at last count, there are some wildly broad estimates that we'll have between 30.9 billion and 75 billion of these devices worldwide by the end of this year)!

WHAT’S IN A PICTURE? LOTS AND LOTS OF DATA

Wednesday, May 28, 2025

In the month of May, we do a lot of celebrating.

We take a day (and usually, a weekend) to honor our moms. For a lot of us, there are graduation ceremonies and weddings to attend. And just about the time we think it can’t get any busier, there’s everything we do during the weekend leading up to Memorial Day.

With all of the parties, it’s fitting, perhaps, that May is also National Photography Month!

And while it’s often been said that “a picture is worth a thousand words”, you might be interested and, maybe, even surprised to learn that every time you take or upload a photo using your smart phone or digital camera, it generates 145 rows of metadata, including the exact date, time, and GPS location that the image was taken. It includes many other details as well, such as the type of camera and the settings that you used.

Known as EXIF data (short for Exchangeable Image File Format), it’s a standard that specifies formats for images, sound, and ancillary tags that are recorded by digital cameras. To be clear, there are plenty of legitimate reasons to have this data stored in pictures. In fact, in some ways, we’ve benefitted from the features that having this data can provide when we’re searching for a photo we’ve taken – using a date on the calendar – or we’ve wanted to trace the path we followed on a recent vacation based on photos that appear on a map.

But what happens, you might ask, when you decide to share these photos on social media? Thankfully, sites such as Craigslist, eBay, Facebook, Instagram and others strip away most of that EXIF data before posting it publicly. That doesn’t always happen, however, when you’re using messaging apps, public and online forums, and even your own personal website, where the process to remove that personal data may not exist.

As an example, if I were to message you based on a listing on Craigslist to ask for additional photos and you then emailed them directly to me, it’s possible that I could view the EXIF data to find out what kind of phone you use, which might reveal some details about your economic status, as well as the exact GPS coordinates of your home.
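To make the EXIF point concrete, the following Python sketch (an added example, not part of the original post) reads the camera make and model and the GPS marker out of a JPEG’s Exif block, then writes a copy with that block removed. It uses only the standard library; the sample file is built in the code, and its “ExampleCo / ExamplePhone 12” values and all function names are constructed for illustration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"          # identifier at the start of an Exif APP1 payload


def jpeg_segments(data: bytes):
    """Yield (marker, payload, raw) per header segment, then the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:          # start of scan: image data follows, copy verbatim
            yield marker, b"", data[pos:]
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("segment length out of bounds")
        yield marker, data[pos + 4:pos + 2 + length], data[pos:pos + 2 + length]
        pos += 2 + length


def read_ifd0(tiff: bytes) -> dict:
    """Return {tag: (type, count, value_field, byte_order)} for the first IFD."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or struct.unpack(order + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header in Exif segment")
    (offset,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(count):
        start = offset + 2 + 12 * i
        tag, typ, n, value = struct.unpack(order + "HHI4s", tiff[start:start + 12])
        entries[tag] = (typ, n, value, order)
    return entries


def ascii_tag(tiff: bytes, entries: dict, tag: int):
    """Decode an ASCII tag; values longer than 4 bytes are stored at an offset."""
    if tag not in entries or entries[tag][0] != 2:
        return None
    _, n, value, order = entries[tag]
    raw = value[:n] if n <= 4 else tiff[struct.unpack(order + "I", value)[0]:][:n]
    return raw.split(b"\x00")[0].decode("ascii", "replace")


def exif_summary(jpeg: bytes) -> dict:
    """Report the device make/model and whether a GPS block is present."""
    for marker, payload, _ in jpeg_segments(jpeg):
        if marker == 0xE1 and payload.startswith(EXIF_ID):
            tiff = payload[len(EXIF_ID):]
            entries = read_ifd0(tiff)
            return {"make": ascii_tag(tiff, entries, 0x010F),    # Make
                    "model": ascii_tag(tiff, entries, 0x0110),   # Model
                    "has_gps": 0x8825 in entries}                # GPS IFD pointer
    return {"make": None, "model": None, "has_gps": False}


def strip_exif(jpeg: bytes) -> bytes:
    """Return the same JPEG with every Exif APP1 segment dropped."""
    out = [b"\xff\xd8"]
    for marker, payload, raw in jpeg_segments(jpeg):
        if marker == 0xE1 and payload.startswith(EXIF_ID):
            continue
        out.append(raw)
    return b"".join(out)


def build_sample_jpeg() -> bytes:
    """Constructed test file: a JPEG shell with a made-up Exif block (not a viewable photo)."""
    make, model = b"ExampleCo\x00", b"ExamplePhone 12\x00"
    data_start = 8 + 2 + 12 * 3 + 4             # TIFF header, count, 3 entries, next-IFD offset
    make_off = data_start
    model_off = make_off + len(make)
    gps_off = model_off + len(model)
    ifd0 = struct.pack("<H", 3)
    ifd0 += struct.pack("<HHII", 0x010F, 2, len(make), make_off)
    ifd0 += struct.pack("<HHII", 0x0110, 2, len(model), model_off)
    ifd0 += struct.pack("<HHII", 0x8825, 4, 1, gps_off)
    ifd0 += struct.pack("<I", 0)
    gps_ifd = struct.pack("<HI", 0, 0)          # empty GPS IFD; presence is what we test
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + make + model + gps_ifd
    payload = EXIF_ID + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    scan = b"\xff\xda\x00\x02" + b"\x00" * 8 + b"\xff\xd9"
    return b"\xff\xd8" + app0 + app1 + scan


if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", exif_summary(photo))
    print("after: ", exif_summary(strip_exif(photo)))
```

This removes only the Exif APP1 segment; other metadata containers a file may carry, such as XMP, are left in place and would need the same treatment.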

In understanding how all of this works, it’s a bit of a balancing act of weighing the features and benefits you gain versus any legitimate concerns you have about maintaining your privacy. There’s a video on YouTube that’s informative and provides some easy-to-understand information about the EXIF data and how it can be used to securely store and share your photos.

In following these tips, it’s a good idea to use the “rule of three” and rely on three different methods for backing up your photos – including two that are on-site and one off-site – to minimize the chances that what you’re storing is lost to a fire or theft.

A great article on TechRadar.com provides some of the best ways for making it easier, including:

  • Using cloud storage
  • USB flash drives
  • SD Cards
  • External hard drive
  • Software libraries
  • Free cloud photo services
  • Print them out (just in case)
  • Backup, rinse, repeat (your routine to keep photos, videos and files safe)

It seems as though part of the advertising pitch – from the people who try and entice us to purchase the latest, most advanced mobile devices – is that it’ll turn all of us into professional photographers or videographers.

Instead, let’s celebrate the people who are the real pros when it comes to creating artwork through a camera lens while trying our best to keep the image of our thumb out of whatever memories we’re trying to capture (and keep secure)!

Memorial Day Weekend: Experiencing the “Greatest Spectacle in Road Trips”

Wednesday, May 21, 2025

If it’s true that the Indianapolis 500 is the “Greatest Spectacle in Racing” (and it is…), there’s a good chance that Memorial Day weekend may soon take its place as the “Greatest Spectacle in Road Trips”.

And while it’s true that you’re not going to see any other place on Earth besides Speedway, Indiana, host an event where more than 350,000 people will gather inside the Indianapolis Motor Speedway and create, for a day, the Hoosier State’s third largest city, Memorial Day travel is projected to beat a 20-year-old record.

According to AAA, 45.1 million people are expected to hit the road and venture out at least 50 miles from home beginning Thursday, May 22nd through Monday, May 26th!

Here in Indiana, nearly 971,000 people are expected to travel, with more than 883,000 driving while 52,000 will take to the skies and another 35,000 will use trains, buses, and other modes of travel to reach their destination. All of it adds up to the highest volume of travelers ever on record for the holiday weekend (and that includes National Road Trip Day on Friday).

Of course, for all of the fun we expect to have while we’re away, cybercriminals are already making their own plans to try and take advantage of all of us with a variety of online scams – involving everything from fake charity appeals (especially those targeting veterans and their families), fraudulent travel deals and counterfeit tickets (to sporting events) to all sorts of phishing emails and text messages.

Before heading out, it’s a good idea to follow just a few simple steps to stay protected, such as:

  • Travel lightly, in terms of the number of devices you take with you. The more laptops, tablets, and/or smart phones you bring with you, the more risk you’ll, potentially, open yourself up to.
  • Check the privacy and security settings on your web services and apps. Be sure to set limits on how and with whom you share information and consider changing some features, such as location tracking, while you’re away.
  • Set up the “find my phone” feature – In addition to allowing you to locate your phone, it’ll give you the power to remotely wipe data or disable the device if it gets into the wrong hands.

Once you arrive, be it at the track, your in-law’s house, or the resort where you’re staying, there are a few best practices you can follow, too, while you’re on the go, including:

  • Turn off your location services (when you’re not using your device) and consider limiting how you share your location on social media. Your location can be exposed, even through the photos you take.
  • Use secure Wi-Fi – Avoid transmitting any personal or financial information or making any purchases on an unsecure or public Wi-Fi network. Instead, use a VPN (virtual private network) or your phone as a personal hotspot to be more secure.
  • Wait until you get home to post any pictures.

As you and your family, friends, and co-workers get ready for the weekend, it’s important to keep in mind that, in as much as we’ve reached a point where the Memorial Day weekend is recognized as a celebration (as well as the end of the school year and the start of summer), it’s also a time for reflection on Memorial Day (on Monday, May 26th); a day of remembrance of those who’ve died in active military service to our country.

With that in mind, here’s hoping that, wherever you are and whatever you’re doing, you not only experience safe travels in reaching your destination and returning home, but are also able to stay protected whenever you’re online!


High Profile Cyberattacks: How and Why They Occur

Wednesday, May 14, 2025


PERSPECTIVES FROM THE CAMPUS


In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, examines the circumstances surrounding some of the high profile cyberattacks that have occurred globally, and offers his perspective on the impact and what we can do to help ourselves (and the companies we work for) avoid being impacted by online fraud.

By David Dungan

Cybersecurity is a massive industry.

According to a recent report, the global cybersecurity market size was estimated at $245.62 billion (USD) in 2024 and it is projected to grow at a compound annual growth rate (CAGR) of 12.9 percent between now and 2030.

Amid all of this growth, there are a multitude of companies – here in Indiana, across the country, and globally -- that host their own cybersecurity programs. There are those who specialize in everything from incident response, intrusion detection and prevention, to monitoring and more.

With so many programs out there to help us with our cybersecurity behind the scenes, it’s easy to wonder how big companies even get hacked in the first place. After all, they have copious amounts of money with which to buy these security solutions. But perhaps, therein lies the problem.

As we’ve learned, large corporations are appealing to threat actors because they have large amounts of money and assets. Successfully executing a cyberattack on a large company can lead to the loss of critical data from clients, customers, employees, vendors, and associates. In 2024, according to the FBI’s Internet Crime Complaint Center, reported losses due to cybercrime in the United States reached a record $16.6 billion; that’s a 33 percent increase from the previous year. In the same report, it was noted that there were 859,532 complaints, with the most significant losses reported in cases involving investment fraud, particularly involving cryptocurrency – totaling more than $6.5 billion!

Therefore, despite the risks of trying to hack a large company, there are additional rewards that are very appealing to threat actors, including:

  • Personal customer data, which may contain names, addresses, login information, payment information, or even social security numbers and/or someone’s date of birth.
  • Access to other companies, especially if the initial hack impacted a well-known distributor or vendor.
  • Free use of the companies’ own tools and public facing information, such as websites.
  • Logs and private information that could be used to negatively impact the company or organization.

The most common hacks on large companies are credential theft or known vulnerability exploitation. Credential theft happens when a trusted individual within an organization has their credentials stolen by a threat actor, allowing the threat actor to take actions that require elevated privileges. Credential attacks can be disastrous and represent the reason why many high-level organizations are adamant about relying on the practice of using secure credentials that are regularly changed.

Known vulnerability exploitation is another risk to large companies. Hackers exploit known vulnerabilities by finding out what systems a company uses. From there, they invest their efforts in discovering what vulnerabilities that system has had in the past. Then, they test these vulnerabilities against the systems, seeing if the company has yet to patch them. Large companies, especially ones that have thousands of devices in use across their organization, are prone to these types of attacks; after all, it’s exceedingly difficult and expensive to ensure every single last device is properly protected.

Large companies may seem like the paragon of security. However, with so much to look after, it can be, and is, difficult to fill every crack. The next time you see a crazy password requirement, or an expectation to use multi-factor authentication (MFA), you can think about the outcomes of a credential attack, and, perhaps, take it in stride and it'll be easier than you think. In fact, there are a few (relatively easy) steps you can take to help you avoid trouble.

After all, it’s the resources of this massive industry that work day (and night) to keep you and your company as well protected as they can be in today’s ever-changing threat environment!


Older Americans Month: It’s Time to Flip the Switch on Cyber Fraud

Wednesday, May 7, 2025


Every May, for more than 60 years, we’ve celebrated Older Americans Month; it’s a time for all of us to honor the contributions by older adults to our society – in the past and present – while, at the same time, we collectively come together to reaffirm our commitment to support them with our compassion and respect.

This year’s theme, Flip the Script on Aging, focuses on transforming how society perceives, talks about, and approaches aging. It encourages individuals and communities to challenge stereotypes and dispel misconceptions. As part of the celebration, we’re also invited to explore the many opportunities for staying active and engaged as we age and highlight the opportunities that come with aging.

With that in mind, one of the issues that we need to “flip the script on” is taking the steps to help older Americans avoid being the victim of online fraud and cyber scams.

In 2024, according to a report from the FBI, older Americans reported that nearly $4.9 billion was stolen from them through fraud, with the average loss coming in at $83,000. That’s an increase of 43 percent. What’s more, adults 60 and older submitted the most complaints of any age group (more than 147,000).

Here in Indiana, in the same report, senior citizens experienced the largest financial losses due to cybercrime in 2024, losing more than $37.2 million. The figure represents a substantial portion of the total $125.1 million in losses reported by Indiana residents due to internet crime in 2024. All told, there were 23,659 internet crime complaints last year.

It doesn’t stop there, as these figures represent just a fraction of the actual amount, for two reasons. Some victims who submit reports to the FBI’s Internet Crime Complaint Center at IC3.gov don’t include their age. Add to that, many victims are reluctant to come forward to report these crimes, either because they’re embarrassed or they believe that there’s no point due to the fact they believe their money is gone for good.

There are four categories, nationally, that account for the biggest financial losses for victims 60 and older, including:

  • Investment scams totaled more than $1.8 billion.
  • Tech support scams at $982 million.
  • Confidence/romance scams at $389 million.
  • Business email compromise (where cybercriminals impersonate leaders of a company or an organization to get employees to send money or share data) at $385 million.

Fortunately, there are steps we can take every day, both in terms of following a range of best practices designed to keep us safe, and reminding ourselves to listen to the numerous trusted sources who are out there providing their expertise and guidance to help all of us gain an even greater measure of awareness for all things cyber.

The steps that the FBI recommends include:

  • Pause and take time to think – and talk to someone. The agency has a Take a Beat campaign, advising people to stop and think before responding to unsolicited communications, and certainly before sending money to a stranger. Most importantly, get a second opinion from someone you trust. Say, ‘Hey, does this make sense that someone would offer me a guaranteed 20 percent return on this investment?’
  • Practice good digital hygiene. Among other safe practices, don’t click on unsolicited links or respond to unsolicited calls or messages. To learn more, check out a great story from AARP Magazine on 15 ways to prevent fraud.
  • Report fraud. Report these crimes to local law enforcement and the FBI through IC3.gov. Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams. As with most agencies, they’re only as successful as the reports they receive.

Through the state of Indiana, there are also free resources that you can download by visiting the Indiana Cyber Hub website, including a page (and more FREE resources) devoted to helping you in the event that you need to report a cyber incident. If you think you’re a victim of identity theft, the page includes advice on the immediate steps you need to take, along with a full list of the resources that are available to help you!

At a time when cybercrimes have been all too frequent and more sophisticated than ever, it’s easy – regardless of our age or where we’re at in our life – to think that we won’t allow ourselves to get tricked out of our personal or financial information.

Maybe what we need to do to celebrate Older Americans Month is to flip the switch on the cybercriminals by trusting our instincts, but, at the same time, being willing to show that it’s OK to adapt to today's technology, just as we’ve done with a lot of other things that are popular in the world we live in. You got this.


National Supply Chain Day: Let’s Celebrate By Protecting Our Critical Infrastructure

Tuesday, April 29, 2025


For all of the technology, logistics, and, yes, the threats – both cyber and kinetic – that surround our global supply chain, there’s nothing more vital, for all of us, than to focus on the protection of our critical infrastructure.

After all, the things that keep us up at night – in terms of finding solutions – are why we’re able to work on making sure it runs smoothly during the day, regardless of which corner of the world you’re in.

And it doesn’t matter if the problem that’s in front of you exists at a shipping port in Seattle, a water and wastewater treatment facility in a small Indiana town, or you’re a field engineer overseeing the construction of a bridge that links together the boroughs of Manhattan, Queens, and the Bronx; it’s one of the reasons why, today, we celebrate the importance of National Supply Chain Day!

Supply chain cyberattacks are surging, with one report indicating a 431 percent increase between 2021 and 2023. In fact, there are projections that suggest this trend will continue, with Gartner predicting that by 2025, 45 percent of organizations globally will have experienced such attacks. This is a significant increase from 2021, and experts estimate the global cost of software supply chain attacks could reach $60 billion by the end of the year.

As grim as some of that is, there are steps that can be taken to try and help mitigate the frequency and impact of these incidents.

Starting with the premise that any issue involving cybersecurity and the supply chain cannot be viewed strictly as an IT-only problem, it’s important to keep in mind, too, that cyber supply chain risks touch everything from sourcing, vendor management, supply chain continuity and quality, to transportation security and many other functions across the enterprise.

Because of that, it requires a coordinated effort to achieve the kind of outcomes we expect, as it relates to protecting the data that exists within our critical systems, but also to ensure that what we’re doing provides for the safety of the people whose livelihoods depend on it all running smoothly.

Published by the National Institute of Standards and Technology (NIST), there are three key principles for maintaining a high level of security within the supply chain, including:

  • Develop your defenses based on the principle that your systems will be breached. When one starts from the premise that a breach is inevitable, it changes the decision matrix on the next steps. The question becomes not just how to prevent a breach, but how to mitigate an attacker’s ability to exploit the information they have accessed and how to recover from the breach.
  • Cybersecurity is never just a technology problem, it’s a people, processes and knowledge problem. Breaches tend to be less about a technology failure and more about human error. IT security systems won’t secure critical information and intellectual property unless employees throughout the supply chain use secure cybersecurity practices.
  • Security is Security. There should be no gap between physical and cybersecurity. Sometimes the bad guys exploit lapses in physical security in order to launch a cyberattack. By the same token, an attacker looking for ways into a physical location might exploit cyber vulnerabilities to get access.

As you take all of that into account, it’s no secret that the risks to the supply chain are as varied as they are sophisticated, including from:

  • Third party service providers or vendors – from janitorial services to software engineering -- with physical or virtual access to information systems, software code, or IP.
  • Poor information security practices by lower-tier suppliers.
  • Compromised software or hardware purchased from suppliers.
  • Software security vulnerabilities in supply chain management or supplier systems.
  • Counterfeit hardware or hardware with embedded malware.
  • Third party data storage or data aggregators.

There are many different ways for companies, as well as local government, utilities, and other organizations that comprise our critical infrastructure to improve upon their supply chain management while increasing their operational efficiencies. At the same time, strides are being made to manage their costs, even as they take steps to protect themselves against the likelihood of experiencing a cyber incident or having their data or systems compromised by a cyberattack.

What’s more, there are a great many free resources available from trusted sources, including the Cybersecurity and Infrastructure Security Agency (CISA) and the Defense Logistics Agency. And, for businesses that are looking to build on their supply chain management, there’s a recent report from Oracle highlighting the 15 best practices that businesses can follow to stay protected and, most of all, secure. Here’s hoping this adds to the celebration!


Giving Thanks to Our Cyber Responders

Wednesday, April 23, 2025


PERSPECTIVES FROM THE CAMPUS


In the latest installment of this series, David Dungan, who serves as the Executive Director at the Center for Security Services and Cyber Defense at Anderson University, discusses the importance of the proactive role that cyber incident responders provide as it relates to keeping companies and organizations safe and secure when it comes to avoiding a cyber incident or falling prey to a cyberattack.  

By David Dungan

Cybersecurity is becoming more present in everyday life and business environments. Workers are dealing with new cybersecurity requirements every day - don’t click on links in your email, don’t use thumb drives, don’t breathe on the space bar, etc. But what happens when an employee makes that mistake? Accidentally clicking on a bad link, downloading a trojan virus - what steps does the organization take next? They call in the cyber incident responders.

Cyber incident response can be a difficult and high-stakes job. Cyber incident responders are in charge of making sure that the organization can be up and running, safely and securely, as soon as possible. Their job is to limit the impact of a cyber incident on an organization, often saving the company time, money, and resources. They do this through a number of steps before and after a cyberattack.

Before a cyberattack, companies and organizations are well advised to take several precautionary measures, which can help hinder, or potentially stop, an event before it occurs in the first place. The steps you’ll want to initiate and follow include:

  • Identifying network and device vulnerabilities specific to your organization’s operations.
  • Prioritizing and instituting cybersecurity measures
  • Consider monitoring your organization’s network traffic
  • Developing policies and conducting training
  • Developing a communications strategy

However, precautionary measures can’t always cover every situation; this is especially true when it comes to zero-day attacks. Once an event has occurred, incident responders often have to switch gears and dedicate time to:

  • Tracking down the exploit via computer or firewall logs
  • Fixing the exploit for all devices
  • Returning devices back to operational capacity

So, how much money do incident response plans actually save? To measure this, IBM has their Cost of a Data Breach report, stating that companies that invested in cyber response were saving $1.7 million per breach over companies that skipped it. Even if the incident has already happened, having proactive and reactive measures in place is vital for the company or organization to recover as smoothly as possible.

Of course, the precautionary measures that incident responders put in place are only as effective as everyone’s ability to follow through and implement what’s been recommended. It comes down to doing the little things, or the basic steps we take every day, such as making sure you close your laptop whenever you get up, even if it’s just dropping off some paperwork next door.

And be sure, as always, to avoid opening any emails you find to be suspicious or clicking on any links that might be trying to take you – and your company’s critical data or its finances – to a scam from a would-be cybercriminal that could be from anywhere, even if that “anywhere” is halfway around the world.

In doing so, you’ll be better prepared and, to borrow a line from the movie “Ghostbusters,” you’ll be able to answer the question of “Who you gonna call?” thanks to your cyber incident responders and the important role they play in keeping all of us cybersafe and secure!
