Apple devices getting beefed-up defense against spyware
Apple on Wednesday unveiled a new way for activists, journalists and other targets of state-sponsored espionage to protect themselves from spyware.
A Lockdown Mode being added to iPhones, iPads, and Mac computers is intended to counter threats from a thriving industry that provides sophisticated espionage tools to governments.
“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Apple head of security engineering Ivan Krstic said in a blog post.
The tech giant is upping the bounty it pays researchers for uncovering vulnerabilities in its software when it comes to Lockdown Mode, raising the maximum reward to $2 million.
Concerns over digital snooping have been fueled by media outlets reporting that Pegasus spyware made by NSO Group in Israel was being used by governments to surveil opponents, activists and journalists.
Apple is suing NSO Group in US federal court, saying the Israeli firm’s spyware was used to attack a small number of iPhone users worldwide.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” Apple senior vice president of software engineering Craig Federighi said when the suit was filed late last year.
“That needs to change.”
Pegasus infiltrates mobile phones to extract data or activate a camera or microphone to spy on their owners.
NSO Group says the software is only sold to government agencies to target criminals and terrorists with the green light of Israeli authorities.
A Spanish court last month said a judge wants to visit Israel to quiz the NSO Group’s top executive over a top-level hacking scandal involving the Spanish premier’s phone.
Meanwhile, Google last month said that an Italy-based firm’s hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, casting a light on a “flourishing” spyware industry.
Google’s threat analysis team said spyware made by RCS Lab targeted the phones using a combination of tactics including unusual “drive-by downloads” that happen without victims being aware.
Google said it warned Android users targeted by the spyware and ramped up software defenses.
The Google threat team is tracking more than 30 companies that sell surveillance capabilities to governments, according to the Alphabet-owned tech titan.
“The commercial spyware industry is thriving and growing at a significant rate,” Google said.
Apple’s Lockdown Mode is designed to block or disable some features and capabilities to prevent them being taken advantage of by spyware.
The extreme, optional mode “hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware,” Apple said.
How to prevent a cyberattack on your organization￼
“Organizations need to brush up on security hygiene,” says one expert. “Companies need to incentivize following the protocols.”
You wouldn’t expect cyber-criminals to target a lifestyle and bookstore.
In February, Canada’s much-beloved bookstore chain Indigo fell prey to ransomware threats — specifically to pay up, or its employee data would be released.
The attack also left the retailer’s website not working at full capacity, and its brick-and-mortar stores briefly unable to process any debit or credit payments. The effects of the attack even lingered into March.
But none of this surprised cyber-security experts, who all said at some point, “it’s not if, but when,” a company is hit with a security breach.
Shira Rubinoff — who provides cybersecurity guidance to numerous Fortune 100 companies, and serves on the board of Pace University’s Cybersecurity Program — said whether the ransom was paid or not, the data could invariably be sold to another bad actor anyway.
“Organizations need to brush up on security hygiene,” noted Rubinoff, who has built two cybersecurity product companies, and currently serves as president of the New York-based technology incubator, Prime Tech Partners, and the social-media-security firm, SecureMySocial. “Companies need to have a security process, trained people, and the right technology. But the glue in the middle is the training; make people cyber-aware within the organization. Companies need to incentivize following the protocols.”
She said the worst attacks to spot are phishing attacks, which attempt to deceive people into revealing sensitive information. “They look real. It might be end-of-day, and a worker clicks on it, and it’s from a nefarious bad actor that’s trying to penetrate the organization,” Rubinoff explains.
“It might be from someone who pretends to be from another company, offering them a rise in their position. But it’s really someone trying to get information.”
In the wake of several Canadian hospitals seeing their data hacked, the CEO of Canadian Internet Registration Authority Byron Holland, noted that a third of organizations have seen some kind of security breach.
“Lack of focus and money” were the reasons behind poor security protocols, Holland outlined in a Globe and Mail webinar on cybersecurity in Canadian healthcare, adding that necessary tools must include multi-factor authentication, firewalls, security training, among others.
Watch the webinar:
Toronto’s Hospital for Sick Children, Ross Memorial Hospital (Lindsay, Ontario), Newfoundland and Labrador’s provincial health data, and California-based Regal Medical Group have all fallen victim to breaches in recent months. In 2019, LifeLabs — Canada’s largest medical lab — was hacked, leaving vulnerable the personal information of fifteen million people.
Recognizing the growing problem, last year the Canadian government announced it was taking further measures to “bolster cybersecurity across the financial, telecommunications, energy, and transportation sectors.” The proposed legislation aims to “amend the Telecommunications Act to provide the Government with the legal authority to mandate any necessary action to secure” exposure from high-risk suppliers. In addition, the legislation introduced the Critical Cyber Systems Protection Act, that among many things, will help organizations better prevent and prevent cyberattacks.
Some 45% of small businesses in Canada have experienced a cyberattack in the past year, according to the Canadian Federation of Independent Business. One in ten experienced a phishing attack with someone impersonating a CEO or business leader. In the first half of 2020, attacks on web applications were up eight hundred per cent over the year before.
It should come as no surprise, then, that about one in ten staff have completed mandatory cybersecurity training, and eight per cent, optional training, according to the same report.
Alex Plotkin, CEO of Cyberwall Defence, explains that three-quarters of the time, a bug comes through email, and it’s a simple fix as buying al filter that any IT company can provide.
Most companies aren’t aware there are regulations they’re supposed to follow, he noted.
“Half of SMB CEOs have no clue about these regulations. They likely know anti-spam regulation, but nothing about cyberattack regulation to protect the information you have already.”
Finally, his advice is that employees not reveal too much about themselves on social media, such as their dog’s name, kids’ names, or hobbies. Attackers know that these are often password answers to private information.
Ben Rothke is a New York City-based Senior Information Security Manager for Tapad, a company that analyzes internet and device data for marketing. He is responsible for information security, data privacy, compliance, and risk management. He advises every company to have a documented and tested incident response plan, for before, during, and after an information security incident.
“Most responses tend to be haphazard,” he said.
Jeff Goldenberg, who has over three decades of security and fraud prevention experience, concurs. “Most companies, especially companies not in the financial services or health services — which are heavily regulated — simply don’t give a crap about security.”
This is especially true of SMEs, who have little budget to spend on security, and unwisely think they’re never on hackers’ radar.
“The biggest mistake that everyone makes, big or small, is that security is the security team’s responsibility,” he added. It’s actually everyone’s responsibility.”
To make matters worse, in recent years workers have come with their own computers, rather than a corporate-issued device curated by IT with certain controls and software. “It’s a mess waiting to happen. At a bare minimum, you should be running anti-virus software, and that includes Apple users. You absolutely need it for Macs too, because the idea that they’re immune is nonsense.”
Goldenberg adds that every staffer of every company should be “forced to take annual cyber-security training,” a resource widely available. “Even Visa and Wells Fargo use these external third-party sources, because they’re really good and effective. It’s a twenty minute course, so you know how not to be the cause of your own company’s breach.”
Some security tips are obvious, he says — for example, don’t give out your password, don’t open strange attachments, and don’t answer emails from people you don’t know. But an under-utilized security feature is multi-factor authentication, which provides an extra line of defense. Bluntly speaking, Goldenberg adds: “Passwords are useless.”
Dave is a journalist whose work has appeared in more than 100 media outlets around the world, including BBC, National Post, Washington Times, Globe and Mail, New York Times, Baltimore Sun.
5 charts that show how productivity levels vary by state
The COVID-19 pandemic has driven an increase in productivity nationwide, even if that rise has been uneven from state to state.
ClickUp used data from the Bureau of Labor Statistics to compare productivity levels by state, based on business locations. The analysis looks closely at relationships between productivity, pay, and hours worked.
Economists and institutions have understood human beings as important elements in business operations since Adam Smith first proposed defining the concept of “human capital” in the late 1700s.
How many hours people work can be measured or estimated, and the total number of goods and services created in every hour of work per person is considered a measure of “productivity,” or the efficiency with which humans make new things in pursuit of economic gain.
Studies have shown since the 1950s that human capital, as much as money itself, can drive economic growth for entire nations of people.
Workers are, of course, much more than just an asset on a vehicle assembly line or an attendant on a commercial airplane—they are also individuals who have families, passions, and lives outside of the jobs they perform.
The COVID-19 pandemic laid bare Americans’ modern struggle to balance those two worlds. Working at home or in risky work environments, people discovered newfound leverage in an economy where workers were in high demand. Many workers began seeking more job flexibility and compensation or switched jobs.
As measured by economists today, productivity is a human force that has only ever increased. That’s because people incorporate new technology and innovation, allowing them to produce goods and services more efficiently. And the U.S. has been consistent in bringing about technological advancements over the last several decades. Whether the private sector has aptly leveraged them is a matter of debate.
Because of this fact, examining the change in productivity from year to year is more valuable than simply acknowledging the long-accepted trend that technological advancement has only caused humans to be more productive over time.
So just how much more value did workers create per hour in 2021 compared with 2020? Nationwide, labor productivity among private sector workers increased by 1.9% in 2021, or about on par with the last several decades. According to the BLS, hours worked grew 5.4% from 2020 to 2021—the most significant year-to-year growth in decades, though the 2021 figures still did not exceed the total hours worked in 2019.
That’s partly due to 2020 being a historically disruptive year for work. The spreading contagion and a lack of vaccines to prevent death meant in-person business operations were dangerous and even potentially deadly, especially for older workers.
Most states increased labor productivity, but a few saw decreases
Areas that are home to fast-growing businesses can be evidence of more rapid productivity growth, according to the Brookings Institute. This information could help explain why California and Washington, home to much of the country’s tech presence, saw significant increases in productivity over the first two years of the COVID-19 pandemic.
States not traditionally viewed as tech hubs also benefited from dramatic swings in domestic migration that saw urban-dwelling white-collar Americans moving from the crowded, expensive coasts to more affordable states. Tennessee has seen its tech sector blossom in recent years—a trend bolstered by pandemic pressures.
GDP contributions ranged from $58 to $118 per hour
The booming economies of California, New York, Massachusetts, and Washington saw workers creating the most value per hour worked. These are states with widespread internet availability that allows for leveraging the latest technological developments in software, as well as burgeoning populations.
The Midwest has trailed all other regions of the country since 2007 in terms of productivity gains, according to BLS analysis.
Productivity grew most where compensation surged
There is a strong correlation between increased pay and increases in productivity. Researchers have found that companies that raise pay, including in response to minimum-wage increases, create a greater sense of attachment between workers and the employer.
California, New Hampshire, and Washington D.C., all saw compensation rise more than 5% in 2021 over 2020 levels. Those places also have some of the highest living costs in the nation. Florida, home to a large aging population, also saw significant wage gains relative to other states, but those did not translate to increases in productivity.
That trend didn’t hold true for increasing hours
Working longer hours doesn’t necessarily mean producing more value for a firm, an employee, or the economy. Numbers bear this out: Workers in states including Nevada, Wyoming, and Florida spent longer hours working and actually saw a decline in productivity as a result.
In Washington and Washington D.C., workers made strides in efficiency, seeing 4% or more year-over-year growth in productivity, according to BLS data.
Some white-collar workers found the shift to remote work during the pandemic meant more hours working because their personal smartphones could receive work communications long after the official eight-hour workday ended. The majority, however, have said it helped them find a better work-life balance, according to a Pew Research poll conducted in January 2022.
Rounding up the top and bottom performers
The bottom line is that worker output increased over the year as demand skyrocketed for goods while Americans continued to avoid service industry businesses like live events and Nevada’s casinos.
Some state economies were in a better position to benefit from that shift in demand. States like Wyoming and Alaska, however, saw productivity suffer. They also saw wages that, despite increasing, trailed growth rates in states with highly skilled workforces like New Hampshire and Washington.
This story originally appeared on ClickUp and was produced and
distributed in partnership with Stacker Studio.
mesh conference launches showcase program to shine the spotlight on underrepresented innovators
The mesh innovation showcase will recognize innovation and digital transformation leaders from underrepresented communities across Canada
Today the mesh conference announced a new program intended to recognize innovation and digital transformation leaders from underrepresented communities across Canada. Called the mesh innovation showcase, the program is being launched in collaboration with The51, The A100, and Platform Calgary.
The mesh innovation showcase will provide a platform to amplify innovators, including speaking and demo opportunities, media spotlights, and networking opportunities for members of underrepresented communities including: Women (female-identifying), Indigenous Peoples (First Nations, Inuit, and Métis), persons with disabilities, members of visible minority/racialized groups, members of LGBTQQIP2SAA communities and Immigrants/newly landed residents, as defined in the Tri-Agency Equity, Diversity and Inclusion Action Plan.
“We are so excited to highlight the brilliance of innovators across the country — startups and scaleups, sole practitioners, corporate innovators, as well as transformation leaders in not-for-profit and government,” says Alicia Kalozdi-MacMillan, partnership lead with the mesh conference. “We are committed to fostering a more diverse and inclusive innovation ecosystem, and we look forward to shining a spotlight on the incredible talent that exists in communities across Canada.”
Companies and individuals can nominate innovation leaders, and selected companies will be featured at mesh events across Canada and profiled in the media by mesh conference media partners, DX Journal and Digital Journal, who collectively reach millions of readers.
“Innovation is about unlimited thinking, which is why the mesh innovation showcase is such a valuable opportunity and one that we’re honoured to support,” says Tamara Woolgar, Executive Director, The A100. “Founders from underrepresented communities will have a chance to share their stories and solutions, grow their networks, and inspire a broader sense of belonging and possibility.”
The mesh innovation showcase will highlight innovators across the four mesh threads — Business, Society, Media, and Marketing — and will put a spotlight on people who think outside the box, break and fix, solve problems, and those who pursue innovation that solves real-world problems.
The mesh innovation showcase is open to entrepreneurs and intrapreneurs from across Canada, and selected companies will be featured at the mesh conference in April 2023, as well as in Toronto later this year.
“At The51, we’re dedicated to amplifying the voices of underrepresented founders, investors and ecosystem champions, and we’re thrilled to partner with mesh conference, an organization that shares our commitment to diversity and inclusion,” says Shelley Kuipers, Co-CEO and Chief Growth Officer of The51. “We’re excited to join forces to showcase the untapped potential of Canada’s innovation ecosystem.”
Nominations are open until March 31 for the first wave of the mesh innovation showcase and selected companies will be hand-picked, recommended, and qualified by mesh, The51, The A100 and Platform Calgary to be showcased at the mesh conference April 12-13 in Calgary.
Selected companies and founders will be invited to participate in the program free of charge, and be offered amplification through the event and its digital channels.
“When a founder has the opportunity to share their story, it has a profound impact not only on the growth of the entrepreneur personally, but more importantly for their venture,” says Madeline Kendrew, Director of Founder Success at Platform Calgary. “Showcasing their product-market fit and traction to date can accelerate the rate of attracting co-founders, customers, partnerships, and investors.”
Nominees will have the opportunity to meet with the partners involved in this program who will be on hand to offer advice, support and their services.
To nominate someone for the mesh innovation showcase, visit meshconference.com/mesh-showcase/
News desk5 months ago
U.S. proposes redefining when gig workers are employees
Business5 months ago
WeaveSphere technology conference announces first human-AI keynote
Business5 months ago
Sun Life’s Chief Architect on culture and upskilling, and their role in DX
Business5 months ago
WeaveSphere technology conference announces keynote speakers
Business5 months ago
WeaveSphere’s goal? Make STEM education more accessible and inclusive