Category: Security

Social Media Analytics Drivers

By Aydin Farrokhi and Dr. Wael Hassan

Today, the public has remarkable power and reach by which they can share their news, and express their opinion, about any product or services or even react to an existing state of affairs, especially regarding social or political issues. For example, in marketing, consumer voices can have an enormous influence in shaping the opinions of other consumers. Similarly, in politics, public opinion can influence loyalties, decisions, and advocacy. 

While increasingly organizations are adopting and embracing social media, the motive for each establishment to use social media varies. Some of the key drivers for adopting social media include:

Economic drivers:

 

  • Market research and new product
  • Need for better consumer
  • Need to gain competitive
  • Need to improve customer
  • Need to develop new products and
  • Need to increase Return on Marketing Investment (ROMI)
  • Top strategic actions to maximize social media spend
  • Improve ability to respond to customer’s wants and needs
  • Build social media measurement into marketing campaigns and brand promotions
  • Maximize marketing campaign and effectiveness
  • Align social media monitoring capabilities to overall business objectives

 

Political drivers:

  • Public opinion research and new motto
  • Need for better public
  • Need to gain competitive
  • Need to improve public
  • Need to develop new
  • Need to increase Return on Campaigning Investment (ROCI)
  • Top strategic actions to maximize social media spend
  • Improve ability to respond to the public’s wants and needs
  • Build social media measurement into political campaign and publicity promotions
  • Maximize political campaign and effectiveness
  • Align social media monitoring capabilities to overall political agenda

 

In general, there are three major categories of methods for analyzing social media data. These analytical tools can be grouped as either Content Analysis tools, Group and Network Analysis tools or Prediction tools.

 

 

 

Social Media as Political Warfare

The rise of social media has immeasurable power. Whereas in the past, people would get their recent news updates from television or the radio, now it is regular, lay people (often in 140 characters or less) spreading the news. While sharing opinion on social media outlets has the power to liberate and empower people, the messages spread can be harmful and downright abusive.
Social media has changed history. The creation of tactical narratives spread through social media channels is now at the core of modern strategic communication strategies in business, politics and even in warfare. Particularly in politics around the world, the ease of spreading messages from your finger trips has led to a phenomenon in political warfare that has shaped public’s opinions and influence election outcomes. Such digital manipulation has even gone so far as to make policy makers, military leaders and intelligence agencies struggle adapt to the changing climate.

One example of this is the election season of Iran. At the time, the majority of the posts were bashing the election and did not even come from the people of Iran themselves. In particular, it was the Western media outlets that were bursting with an outbreak in protesters using Twitter, blogs, and other social media outlets to spread propaganda, coordinate rallies, share information (that may or may not have been true), and locate supporters. Extensive media coverage highlighted the role of social networking, both in helping organize activities and in causing a rise in cyber activism surrounding the Iranian protests that resulted in an unpresented global debate. In just exploring the sheer volume of information published in real-time through social networks, one can see how this was just one of the most major world event that was broadcasted worldwide almost entirely via social media. While social media allowed an international community of protestors (and some supporters) an unprecedented peek into the turmoil afflicting Iran, politicians also were found to be using social media as a way to mobilize voters as the societal messages discussed on social media became campaign themes for presidential candidates. One of the largest issues, however, was the discussion of how politicians in Iran were using the social networks to advance their own political schemata, yet still opposed free access to the internet for all.

A secondary example of political warfare that steamed from social media is the over 8000 tweets on terrorist and racist comments that came within hours of Saudi Arabia’s announcement of a Saturday a new terrorist-monitoring center. The Ideological War Center, which launched operations in April of this year, stated that it would correct what it calls “misguidance” about Islam through its channels on Facebook, Twitter and Youtube. Within hours of its announcement, the Ideological War Center attracted numerous people, including individuals who have been born, lived and grew up in non-Muslim countries. However, there was no time to distinguish false stories from real ones about what the Islamic faith really entails. Instead, each new post contributed to some element of racist thought, which seems counteractive to the Center’s aim of exposing mistakes, allegations, suspicions and deceptive techniques promoted by extremists and terrorists. As such an ideologist war of sorts has been created in which the aim of deterring terrorist and extremist organizations has been met with the continuous breeding of false, racist ideas that linger and thieve on social media platforms.

Lastly, Saudi Arabia and other Arab states that have severed ties with Qatar have declared severe penalties for those who support Qatar. The Attorney General has made it very clear that it is now punishable by law to show sympathy on social media or by any other means of communication for Qatar. The cybercrime law came into effect in December 2012 and covers a comprehensive scope of offences in categories including undermining state security, political stability, morality and proper conduct. The Federal Public Prosecution also announced that according to the Federal Penal Code and the Federal law decree on Combating Information Technology Crimes, anyone who threaten the interests, national unity and stability of the UAE will face a jail term from three to 15 years, and a fine not less than AED 500,000 ($136,000). “Strict and firm action will be taken against anyone who shows sympathy or any form of bias towards Qatar, or against anyone who objects to the position of the United Arab Emirates, whether it be through the means of social media, or any type of written, visual or verbal form,” United Arab Emirates Attorney General Hamad Saif al-Shamsi was quoted as saying in a statement.

From Facebook to Twitter, YouTube, Snapchat, or Instagram social media users are besieged with political content, and participate in it readily, which has led to social media being seen as a type of political warfare. Unlike traditional media, social media has a heightened reach, frequency, permanence and immediacy. As such, social media has become a loud speaker of beliefs, a designer of meaning and a producer of conflicts.

There are three things that need to be done to help minimizing the negative effects of this for politicians, and for those concerned about upholding true information: the better filtering of chatbots that post negative, and disruptive; the better identification of fake news; and the better identification of mass manipulation. Current technological developments in artificial intelligence, such as Chatbots that serve as conversational entities relying on artificial intelligence to spread information or in most cases concerted and repeated skewed information, have become important factors in this war of words. Further, fake news is growing and causing a culture of digital anonymity that facilitates hate speech and misinformation to manipulate a mass amount of people. Fortunately, companies that use social media analytics tools, such as KI SOCIAL, are in a position whereby their teams have the technical and intellectual means to detect fake news and Chatbots and the knowledge to better identify mass manipulations (and how to respond).
The political landscape has changed quite a bit in the last couple of decades and social media, in part, is responsible for this change. While social media can be a source of good, it has also come at a price- as a commodity of political warfare.

The Necessity of Multi-Scanning

Last Friday, the WannaCry cyberattack effected more than 300,000 computers, impacting thousands of businesses, hospitals and enterprises, across 153 countries by taking advantage of outdated versions of Windows that never had updated Microsoft’s crucial security upgrades.

 

With the increasing amounts of advance threats by attackers and the overall skyrocketing growth of malware, relying on a single anti-malware engine is no longer sufficient for high-security networks.

 

Anti-malware, multi-scanning softwares are essential for improving security because they significantly increase the intensification of malware detection rates and consequently, reduce the susceptibilities created by a specific anti-malaware engine’s shortcomings.  Multiscanning refers to the process of running multiple anti-malware or antivirus engines concurrently. Multi-Scanning anti-malaware tools also have the added features of meaningfully reducing the number of days of exposure to new malware outbreaks and often can protect systems from malware targeting a variety of system at once, including Windows, Mac, Linux, iOS, and Android operating systems.

 

No single anti-virus software is perfect. Each product will have it’s own strength and weaknesses when it comes to detecting some threats. Likewise, every emerging threat that has the possibility to be detected, will be detected at a different rate by different engines Studies have found that no single engine detects every possible threat. Thus, it is only by combining multiple engines in a multi-scanning type of solution will all possible threats be detected quickly. One downfall of ‘multi-scanning incorrectly’, is that running multiple engines instantaneously can result in conflicts to your servers that lead to system freezes and application failures. Another downfall is that it increases the amount of false positives you can receive. Lastly, multi-scanning can be very costly, especially for smaller-scale enterprises.

 

Fortunately, many vendors have come up with technology that is able to conduct a multi-scan, and detect all types of malware in a single tool, without the hassle of licensing and maintaining multiple antivirus engines. Such vendors allow you to improve your malware detection, decrease the detection time of an outbreak and increase resiliency to antivirus engines’ vulnerability. However, determining the right number of tools or which one to select depends on the volume of the data being protected, the value of this data and the severity and frequency of potential attacks.

 

Security experts are predicting that malware attacks are expected to increase in frequency and severity, multi-scanning anti-malaware solutions can be our best line of defense.  Using anti-malware in a multi-scanning process, or tools that automatically multi-scan can be  used to ensure the safety of your organization’s servers, the email attachments you open, web searches, sending confidential files securely and much more. Multi-scanning allows users and enterprises to control their early detecting engines to detect spear phishing and other specific types of targeted malware attacks. This in turn, will allow them to take action as quickly as possible.

 

 

Political Cyber Security

The daily life and economics of the global citizen depend each time more on a stable, secure, and resilient cyberspace. Even before was elected president, Donald Trump promised to make cybersecurity “an immediate and top priority for [his] administration.” Yet, months into his presidency, Trump and global leaders worldwide have struggled to deal with how policies should use their personal technology.

Cybersecurity has gotten sucked into the inevitable vortex of politicization.

Perhaps things first came into media attention when it was discovered that Hillary Clinton was using a private email server when she was Secretary of State. In response, Clinton has said that her use of personal email was in compliance with federal laws and State Department regulations, and that former secretaries of state had also maintained personal email accounts, though not their own private email servers. In a summary of its investigation into Clinton’s use of private email, the FBI concluded that a username and password for an email account on the server was compromised by an unknown entity, which had logged into the compromised email, read messages, and browsed attachments using a service called Tor. Unique to Hillary’s case is that the FBI had repeatedly noted that if a breach did occur that its agents might not be able to tell, but that there was no evidence previously to indicate that Hillary Clinton’s personal email account was hacked.

More recently, the campaign of the French presidential candidate Emmanuel Macron was hit on May 5th, 2017 with leaked emails and other documents on a file-sharing website. Security analysts are under the impression that the huge leak of emails Macron’s campaign team might have been coordinated by the same group of individuals behind the Democratic National Committee leak that effected Clinton.  In fact, the Macron campaign directly compared the hacking directly to the hacker targeting of Clinton campaign, in a statement that read: “Intervening in the last hour of an official campaign, this operation clearly seeks to destabilize democracy, as already seen in the United States’ last president campaign. We cannot tolerate that the vital interests of democracy are thus endangered.”

However, with the ‘Macron-hack’ emerged as an anonymous poster provided links to documents on Pastebin with the message: “This was passed on to me today so now I am giving it to you, the people.” This serves as an example of how authentic documents can easily be mixed on social media with fakes to perpetuate fake messages that can harm political campaigns. While France’s electoral commission aimed to prevent this hack from influencing the election by warning local media that sanctions can be placed on them if they spread this information, the overall effect this link will have on Macron is unknown.

While we acknowledge that it is difficult to assess the impact of breaches done to a single account on a server, these incidences raise fresh questions about the security of other electronic accounts of politicians.

Politicians are particularly vulnerable to cybersecurity threats for the following reasons:

  • All politicians use different or even multiple platforms (windows, mobile, app, etc.), different email systems (gmail, Hotmail, corporate exchange, yahoo) and different file sharing systems (dropbox, box, icloud) that makes it harder to employ the strictest security standards on each one
  • Politicians work with a lot of individuals for temporary amounts of time, such a volunteers. As such, it is hard to know who you’re working with sometimes.
  • There is also a lack of centralized administration. Cybersecurity tends to ascent traditional political fault lines, making it at best confusing territory for politicians.

Despite which side of the political aisle your ideas land on, there is little debate that cybersecurity continues to be a hot issue.  Nowadays, for politicians, ignoring cyber issues could derail their career. Whether it be governments, individuals, or even campaign trails – the political cybersecurity world has experienced resurgence of threats.

Fortunately, the Blockchain’s alternative approach to storing and sharing information provides a way out of this security mess for four very important reasons:

  1. The decentralized consensus nature of Blockchains makes it almost impossible to break into it.
  2. Its platform agnostic, so it runs on any combination of operating system and underlying processor architecture.
  3. Once configured, it does not need an administrator
  4. Malware cannot break into it

A Blockchain is a register of records prepared in data batches called blocks that use cryptographic validation to link themselves together. Publishing keys on a Blockchain instead would eliminate the risk of false key propagation and enable applications to verify the identity of the people you are communicating with. Similarly, using a public Blockchain like Bitcoin would mean your entire system is decentralized with no single point of failure for attackers to target. As of right now, Estonia is one of the first countries to use Blockchain this way, although other governments are slowly warming up to Blockchain technology.

Moreover, there’s a rising tide for big data analytics to help combat cyber-threats and attackers. Social analytics tools can help be the first line of defense for politicians by combining machine learning, text mining modeling to provide an all-inclusive and amalgamated approach to security threat prediction, detection, and deterrence.
The cyberspace is the underlying infrastructure that holds the key to the modernity in technology. These types of threats are real and actively happening. The types of threats that have impacted politicians in the USA and Europe are real and actively happening. Blockchains and analytic tools will not be the golden ticket to fix everything that’s wrong with cybersecurity for politicians, but they can be a place to start. The Blockchain provides innovations that current systems and politicians could embrace.

For more information on how to protect yourself as a politician, please contact Waël Hassan, PhD.

Legal Obligations for Energy Boards

In this guide you will explore:

  1. Obligations of Energy Boards
  2. FTC and Fair Information principle requirements
  3. Smart Grid Data Protection Requirements
  4. Employee Privacy in the Energy Space
  5. Federal and state law requirements

In recent years, news of massive data breaches has become almost commonplace.  We are witnessing an unprecedented increase in cyberattacks, with energy utilities and the smart grid in particular under threat.
For directors and their boards, compliance is a vital aspect of governance. Utility boards and management focus attention on NERC’s Critical Infrastructure Protection Reliability Standard.  Traditionally “Security” meant securing energy management system or EMS.  With the recent regulations it also means securing personal data.

Practical Guide to Privacy & Security for Retailers

Retailers are facing risks as more and more of their operations is moving online.  These risks are legal, reputational, operational, investment, and data breaches. In this report you will learn about:

  1. Boards, Executives, and Privacy Compliance Obligations
  2. What You as a Director Can Do
  3. FTC and Canadian Privacy Obligations
  4. The report will provide you with an Implementation Checklist
  5. Detailed Recommendations on :
    1. New Technologies and Consumer Data Protection
    2. In-store tracking
    3. Internet of Things
    4. Mobile Apps
    5. Behavioural Advertising
    6. Hacking and Phishing Threats
  6. In addition to HR issues on : Legal Privacy Obligations, Relevant Federal Law, Anti-discrimination, Background Checks,Workplace Monitoring, Post-employment Access Issues
  7. Relevant State and Provincial Law, Tort Law, Contract Law requirements

Download this guide to learn more about how to prevent a potential attack on Retail Data. In recent years, news of massive data breaches has become almost commonplace. Major retailers such as Target and Home Depot have been targeted; so too have hospitals, universities, and both the US Internal Revenue Service and Canada Revenue Agency. We are witnessing an unprecedented increase in cyber attacks. Privacy and information security have never been more important, yet it is clear that many companies are struggling to keep up with new technological issues and legal requirements.

For retailers, compliance is a vital aspect of corporate governance. Traditionally, “security” has meant securing store locations and computers. Now, it also means securing personal data online. Corporate compliance – meeting regulatory requirements for privacy and security – is an equally important aspect of corporate governance.

Audience:

This report is for ideal for CISOs, security, compliance and risk management officers, IT administrators and other professionals concerned with information security, this guide is for IT decision-makers that need to implement strong authentication security, as well as those evaluating two-factor authentication solutions for organizations in the retail industry.

Download our  guide today for a detailed overview of the retail industry’s current state of security, and recommendations on safeguarding customer financial information.

Data Protection in Design

Time for a New Vision

Up until now, we have viewed privacy and security on the same sliding scale, through which it appears to be impossible to have one without hurting the other. Envisioning a country where privacy is prioritized over security and surveillance seems absurd. However, it is time that we disrupt this traditional way of thinking.

How? Through Data Protection in Design. By developing and building data protection into the design of private, public, and political systems, citizens would have the ability to express their desires, change the system, and influence government, all the while minimizing the risk to national or public safety. Instead of pitting the forces for privacy and the forces for security against one another, the two forces should be integrated in order to reap the benefits of both.

It is no longer a balance between privacy freedoms and security, but rather about achieving both outcomes in an effective way

IAM Maturity Model

Identity and Access Management (IAM) has two seemingly opposed purposes: to enable user access to information, and to block user access to restricted information. In fact, strong security and user-friendly access are by no means mutually exclusive: a mature IAM solution provides both. Read a summary of my IAM Maturity Model.

Governance Analysis Method – PhD Thesis Waël Hassan

Governance Analysis is a logic-based, computer assisted framework for validating legal compliance of enterprise governance models. This framework is intended to help check whether governance systems are consistent with the law. My approach to Governance Analysis includes legal and enterprise models, a governance analysis method (GAM), a governance analysis language (GAL), and an implemented governance analysis tool (GAT) (see Publications). GAM consists in extracting legal requirements and translating them into GAL statements by using patterns and translating them into a logic model for consistency checking.

The GAM, GAL, and GAT evolved as a result of their application to governance laws related to privacy and financial management. The method’s main processes were validated through application to Canadian and US laws (mainly PIPEDA and Sarbanes-Oxley) combined with various examples taken from enterprise systems.

Governance Analysis begins with an extraction process, which uses patterns to match legal and enterprise requirements. Next, the representation process maps extracted requirements to GAL statements. The generation process takes as input GAL statements to generate a logic model, and the Alloy logic analyser is used to check legal consistency. Three legal compliance validation techniques can then be applied: model, ontology, and scenario checks (see What are the Methods for Validating Legal Compliance?). Model checks validate the combined legal and enterprise requirements for logical consistency; ontology checks validate the enterprise structure and process; and scenario checks validate enterprise scenarios.

These Governance Analysis techniques have proven to be useful not only for identifying conflicts between laws and enterprise governance models, but for identifying the specific scenarios in the enterprise which threaten legal compliance.