Why Retailers Need to be Utilizing Mobile Payments, and How They Can Choose Systems Wisely

While the ecommerce market has grown rapidly in recent years, and is set to continue to boom, the fact is that most retail transactions are still actually completed in bricks and mortar stores. However, as more and more consumers get used to the convenience and quick process of buying online, it’s imperative that retailers use every tool at their disposal to streamline transactions in store, and to offer customers an excellent experience at every touchpoint.

One of the ways they can do that is through using mobile payments (mPOS). A BI Intelligence report forecasted that there will be a whopping 27.7 million mPOS devices in circulation by 2021 in the United States, up from just 3.2 million items seven years prior.
For many retailers though, the introduction of mobile payments isn’t a priority yet, so mPOS adoption continues to lag. However, if you’re an entrepreneur who hasn’t started using this tech, you’re probably not just missing out on sales, but also losing the opportunity to build consumer loyalty and increase referrals.
Mobile payments allow retailers to help customers complete checkouts more quickly, and locate stock in store. They also enable businesses to better manage inventory and to customize shopping experiences for clients, to name just a few benefits. If you’re ready to start providing this payment option to your shoppers this year, read on for some ways you can go about choosing a system wisely.

Determine Which Features You’ll Need

To begin with, before you start narrowing down your shortlist of providers, it’s important to stop and think about what kind of features you need in a system. Not all operators provide the same kinds of services, so the clearer you are about what you’re after, the easier it will be to narrow your search.
For example, you may only need a basic merchant account if all you’ll do is process debit or credit card payments on a smartphone. Alternatively, you might require a raft of features, or one particular feature, that means you should look for a more comprehensive service. Some entrepreneurs want a mobile payment system to incorporate a loyalty program or some inventory management functionality, while others may prefer a company that specifically serves their business niche.
Something else to think about is whether or not you want to choose a provider that offers scalability in its features, and flexibility in its plans (this is important if your business is growing and the number or type of transactions you have now will be different in the future). You might, perhaps, need a merchant provider that can accept things like American Express and Diners Club cards, PayPal and Apple Wallet transactions, and loyalty points.

Evaluate Security Levels

Next, keep in mind that the security protocols of the mPOS system you choose also need to be comprehensive so that not only will your customers’ details be kept safe from prying eyes, but also your firm’s. Remember: hackers across the globe are finding increasingly sophisticated ways to break into accounts these days, plus consumers are particularly sensitive to data hacks and will typically discount companies if they’ve been hacked.
As you learn more about the firms on your shortlist, find out what level of security they can provide you with. For instance, do they use an integrated payment architecture, or a safer semi-integrated one, in which card data passes from the payment terminal straight to the processor without touching your point-of-sale software? Do they use strong encryption algorithms and encrypt the data in every exchange? Do they enable CVV2 verification on transactions? Are the highest-level SSL/TLS certificates accepted? Are there restrictions on how data is sent and stored over an Internet connection? And do they provide billing address verification for every transaction?

Weigh Up Fees

Of course, for most business owners, one of the prime factors evaluated when choosing an mPOS system is cost. However, while you certainly do need to think about this, make sure you’re actually comparing “apples with apples” when you weigh up the different options.
While some firms may look the most affordable at first glance, a bit of research may reveal they charge extra for things that other providers don’t. For example, they could have additional fees for setting up your account or integrating their software with your system; for taking certain types of transactions; for providing customer support; or for changing plans or canceling your account.
As well, look into the different ways companies calculate transaction fees. Some have a variable fee calculated according to the number of sales made per month or other period, while others have different plans to choose from, or may just charge a flat fee per transaction regardless of the number of transactions or dollar value of sales per period. You’ll have to determine which option will be the best value for money for you, based on the kinds of sales figures (current and projected) you have.

How Cyber Hygiene Keeps Your Business System Safe

These days, your business computer system faces many threats — malware and viruses alone aren’t the only things you have to worry about. Phishing attacks, social engineering, and password crackers all pose risks to the security of your system, and the safety of your business’s, your employees’, and your customers’ personal information.

By practicing good cyber hygiene, you can protect your business system from the many threats it faces. Cyber hygiene involves mitigating risks by implementing best security practices. Even without a dedicated IT security staff, you can protect your business by using strong passwords, implementing multiple levels of security, updating software regularly, and training your employees to resist social engineering attacks.

Use Strong Passwords

It might seem simple, but using strong passwords is a fundamental aspect of cyber hygiene, and one that many system users still struggle with. It’s all too common for users to create generic, easily-guessed passwords, like password123, often because they’re worried about remembering a complicated password. Even a more personal password, like the name of a child or pet, can be easily guessed by hackers who have access to your or your employees’ social media feeds, or by software that can crack passwords in a matter of minutes.
Passwords are your business system’s first line of defense against hackers, so it’s important that you and your employees are using strong passwords to access the system, use password-protected apps, or open files that contain sensitive data. Use a password manager such as LastPass to generate and store secure passwords that can’t be easily guessed by password cracker software. Change your own password, and encourage employees to change theirs, at least every few months.

Keep Sensitive Info on a Need-to-Know Basis

Your business system may contain a wealth of sensitive information that could be valuable to hackers, including your employees’ personal info, customers’ payment info, and more. It’s worth considering whether you want everyone in your organization to have access to all of this info every time they log into the system. You may want to put sensitive info behind additional password protection, so that only those who need to access the info can get to it. This will mitigate your risk from insider threats, and it’ll also put an extra layer of security into your system so that a hacker won’t be able to access sensitive info with a random employee’s password. Limit administrative privileges to those who need them.

Update Software Regularly

Software updates keep your business system running smoothly, but they also keep hackers from gaining access to your system by addressing vulnerabilities in the software you run. Hackers learn to exploit flaws in operating systems and common apps in order to access systems surreptitiously, but software and device manufacturers release patches for these flaws as part of their regular software updates. Make sure you’re installing regular updates; automatic updates are best for your system’s security. Stop using any software that’s no longer supported. Don’t forget to verify that your wireless router and the smart devices on your network, such as security cameras and systems, thermostats, and smart TVs, receive regular software updates, too.

Train Your Staff

Today’s cyberthreats often use social engineering to attack systems at their weakest point — the human beings who use them. Social engineering attacks seek to manipulate users into falling victim to phishing attacks, giving up sensitive data voluntarily, or similar. You can protect your business system from these kinds of attacks by making sure you and your employees are aware of the threats they face and are educated in cybersecurity best practices.
Make sure new employees receive training in cybersecurity best practices, and make sure to refresh that knowledge regularly with additional trainings for all employees. Don’t leave yourself out of the loop; learn how to avoid phishing attacks, ransomware, and other cyberthreats by keeping private data private, avoiding suspicious links, backing up data regularly, using strong passwords, and more.
Cyber hygiene mitigates the risk posed by hackers to protect your business from a data breach that could destroy all you’ve built. By taking care to implement best security practices in your business, you can make sure that your business’s sensitive data is protected, so that you, your employees, and your customers can continue to benefit from the organization you’ve built for years to come.

Ransomware Attacks Rose Rapidly in 2017: Here’s How You Can Protect Your Data

Unless you avoided reading or listening to the news last year (and with everything going on in the world who can blame you), you no doubt heard reports of ransomware attack after ransomware attack occurring in 2017. This type of hacking issue, where cybercriminals break into individual or company systems and hold data for ransom, is rife right now, and according to one report, actually increased almost ten-fold last year.

As such, no matter which industry you work in, and whether you’re an entrepreneur, freelancer, contractor, or employee, it’s imperative to keep all your important information safe from prying eyes, and from downtimes as a result of it being held captive. Read on for some steps you can take to avoid a ransomware attack this coming year.

Install Security Software and Firewalls

First off, one of the simplest things you can do to protect your data is to install top-quality security software on all the devices you use. There are many different products on the market these days, and while there are certainly numerous free versions available, it’s best to opt for maximum security software that will protect your gadgets from all types of digital threats, not just some.
Security programs will stop your networks and computers from being infected with malicious code that enables hackers to get access to your data, and they’ll work to protect your privacy when you are online, shopping or browsing sites where you might enter sensitive details that could again be used to break into your systems.
Firewalls are another line of defense well worth implementing, as they help to stop cybercriminals from breaking in via an internet connection. As above, you can buy a third-party product online or in a department store, I.T. shop, and the like, but it also pays to check your computers to see if they already have something pre-installed on them. Many do these days, as part of their manufacturing process. However, note that these firewalls may not be activated automatically, so double check the settings on your device to ensure your version is doing its job.

Use Proper Passwords

Next, don’t forget to always use hard-to-guess passwords on your devices. This includes not just computers, but also your Wi-Fi router and any smart-home products you have in your property. You should also use strong passwords on the various websites and other types of portals where you log in to store or access personal information.

Good passwords are always a minimum of eight characters long (the longer the better, usually, because this makes them harder to crack), and are made up of a mixture of upper and lower-case letters, plus numbers, and symbols. Also, be careful not to use any identifying names or numbers in your codes which hackers could guess from checking out your information online. This includes things you could post on your website or social media pages, such as birth dates, addresses, pet or family names, and lucky numbers.
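As an added example, not part of Jackie’s article, here is a Python check that applies the password rules from this section and from the Use Strong Passwords section above: minimum length, mixed case, digits and symbols, plus rejection of personal details such as pet names and birth dates (including digit-for-letter spellings like F1uffy). The pet name, birth date and passwords in it are constructed sample values.

```python
import re
from datetime import date

# Common digit/symbol stand-ins for letters (0 for o, 1 for l, 3 for e, ...),
# so that "F1uffy" is still recognised as the pet name "Fluffy".
LEET = str.maketrans("0134578@$!", "oleastbasi")


def date_forms(d):
    """Digit strings a person is likely to embed for a birth date."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, dd + m + y, m + dd + y, dd + m + y[2:], m + dd + y[2:]}


def expand_terms(personal_terms):
    """Turn names, numbers and dates into lower-case substrings to forbid.

    Very short terms (under three characters) are dropped because they would
    match almost any password by accident.
    """
    terms = set()
    for t in personal_terms:
        if isinstance(t, date):
            terms |= date_forms(t)
        else:
            terms.add(str(t).lower())
    return {t for t in terms if len(t) >= 3}


def check_password(password, personal_terms=(), min_length=8):
    """Return a list of rule violations; an empty list means the password passes.

    personal_terms holds details an attacker could read off a website or social
    media page: pet or family names, addresses, lucky numbers, birth dates.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")

    # Check both the plain password and its de-leeted form, so a birth date
    # is caught in the first and a disguised name in the second.
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET))
    for term in sorted(expand_terms(personal_terms)):
        if any(term in c for c in candidates):
            problems.append(f"contains personal detail {term!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample profile: a pet called Fluffy, born 12 March 1985.
    profile = ["Fluffy", date(1985, 3, 12)]
    for pw in ["password123", "F1uffy!1985", "Tr0ub4dor&3"]:
        print(pw, "->", check_password(pw, profile) or "OK")
```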

Be Wary of Suspicious Emails, Links and Attachments

Another key step is to be aware that hackers tend to regularly gain access to systems by way of malicious code they implant in emails, links, and attachments. Often you will open or click on something, not realizing that in doing so, you’re making it easy for cybercriminals to run code surreptitiously on your machine that will crawl through looking for information and taking note of keystrokes.
As such, to stay safe you should never open emails or attachments from people you don’t know, and be on the lookout for messages which have been designed to look like they’re from a legitimate company you regularly deal with, such as a bank or telecommunications firm, but that are really sent out by a hacker. Be careful on social media sites too, particularly of clicking on links on ads or over-the-top headlines which are created specifically to attract more attention and get more clickthroughs.

Update Often

Lastly, remember to update your tech gadgets on a regular basis too. Install the latest versions of not just your security software programs and firewalls, but also the operating system you use, the browsers, apps and plug-ins on your computers, and your passwords (generally around every two to three months works best here).
It is wise to set up programs to automatically update when a new version has been released. However, if you really don’t want to do this, or if you run some kind of software which doesn’t have this feature, make sure you post regular reminders in your calendar or diary to check for and arrange manual updates.

Jackie is a content coordinator and contributor who creates quality articles on topics like technology, business, home life, and education. She studied business management and is continually building positive relationships with other publishers and the internet community.

Cybersecurity should be a board room topic, so why isn’t it?

In the land of lies, damned lies and statistics, the insurance industry may be one of the more trustworthy sources. After all, it is founded on maths, its actuarial background built into every policy and claim. As purveyors of protection against all risks, insurers care less about which risks are more important, and more about the relationship between premiums and pay-outs. Indeed, getting this equation wrong is potentially the biggest risk the industry faces.

So, when insurance giant Allianz reports that cybersecurity is the second most important business risk, according to over 1,900 respondents globally, we would do well to sit up and listen. To put this in context, over the past five years it has climbed from 15th position, so why? First and simply, the number and complexity of cyber attacks are growing. This is to be expected, as it mirrors technology’s increasing impact and complexity: the bad things are dark mirrors of the good.

The organization also cites GDPR as a significant driver, not in causing breaches but in how they may result in considerable fines. “Many businesses are waking up to the fact they have potential vulnerabilities, and the realization that privacy issues create hard costs will emerge fairly quickly once GDPR is implemented,” says Emy Donavan, Global Head of Cyber at Allianz Global Corporate & Specialty (AGCS).

But wait, there is more to this. The Allianz survey is global, across 80 countries. An appendix shows how Nigeria sees theft and fraud as the biggest cause of business risk, while in Croatia it is legislative change, and so on. In the USA and UK meanwhile, as well as Austria, Belgium, Brazil, Australia, India, South Africa and Singapore, cyber incidents take top spot in the risk charts. Cyber is the number one risk in the Media, Financial Services and Legal, and indeed the Technology and Comms sectors. It’s also the top risk for mid-sized companies.

And, to cap it all, let’s just look at the number one business risk — business interruption (BI). “Whether it results from factory fires, destroyed shipping containers, or, increasingly, cyber incidents, BI can have a tremendous effect on a company’s revenues.” What’s that you say, cyber incidents are one of the main causes of the main business risk? Indeed, they are first in the list, according to respondents, before fire/explosion or natural catastrophe.

In other words, while cyber incidents pose a significant challenge by themselves, their consequences can be even greater — it’s difficult to escape the conclusion that cybersecurity should be a boardroom topic right now. The good news is, organizations large and small are well aware of the challenge, are they not? Well, no, says AGCS UK CEO, Brian Kirwan. “Far from being over-hyped, the threat is under-appreciated and not always well understood.”

I’m not sure any additional comment is required, other than that the conundrum around cybersecurity remains as astonishing as ever. Behind the figures lies a simple truth, that business continuity today means data continuity. While no person is indispensable in an organization, take away its sensory capabilities and you render it useless.

On the upside, and rightly so, insurance companies such as Allianz do have insurance products, and indeed whole practices, to help organizations protect themselves against such risks. But this is missing the point. While it is difficult to get a clear answer (that’s the nature of denial) the corporate position still appears to be that dealing with cyber-threats is too complicated to address, so we’ll all just cope with the consequences.

This frontier town attitude never worked, and it is going to become even less viable really soon. We are at the start of a wave of machine learning, which will grow rapidly in scale over the next few years: you don’t have to be a guru to work out that one of the softest targets for semi-intelligent bots will be the highly vulnerable defences many organizations still have around their data centers. Corporate psychology will shift quickly from hoping cyber incidents will happen to somebody else, to finding that the paltry and permeable protections have already been breached.

Four Questions For: Jean-Philippe Aumasson

Long term, who wins: the cryptographers or the code breakers?
Nobody breaks codes anymore, strictly speaking. When you hear about broken crypto, it’s most of the time about bugs in the implementation or about the use of insecure algorithms. For example, the DROWN attack that just won the Pwnie Award of the Best Cryptographic Attack at Black Hat USA exploits weaknesses in: 1) a protocol already known to be shaky, and 2) an algorithm already known to be insecure. So we’ve got unbreakable crypto, we just need to learn how to use it.
What innovations in cybersecurity should companies implement today?
The hot topic in my field is end-to-end encryption, or encryption all the way from the sender’s device to the recipient’s device. This is therefore the strongest form of encryption. WhatsApp and Facebook recently integrated end-to-end encryption in their messaging platforms for the benefit of their users’ privacy. Enterprise encryption software lags behind, however, with encryption solutions that often expose the unencrypted data to an intermediate server. That’s acceptable, for example, for compliance or controllability reasons, but otherwise you should make sure that you use end-to-end encryption to protect sensitive information, such as VoIP phone calls (telecommunication standards, including the latest LTE, are not end-to-end encrypted).
What are the implications of mobile technology and wearables in personal security?
Companies creating those products often neglect security and privacy concerns to save cost (or through ignorance) while security experts tend to exaggerate these concerns. We’ll have to find a middle ground between the needs and expectations of users and regulations. Meanwhile, the lack of security in IoT systems creates great opportunities for conference talks and marketing FUD.
In the Internet of things, is everything hackable, and if so, will someone hack all the pacemakers some day and turn them off?
The “everything is hackable” mantra is actually less scary than it sounds. Literally everything is hackable: from your refrigerator’s microcontroller to your mobile phone, as long as you put enough effort in it. One shouldn’t think in terms of mere possibility but instead in terms of risk and economic interests: if I spend X days and Y dollars to hack a pacemaker, will my profit be worth the X-day and $Y investment? A secure pacemaker is obviously better than an insecure one, but the scenario you describe is unlikely to happen; it would just make a great movie plot.
Jean Philippe Aumasson
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, and holds a PhD in applied cryptography from EPFL, Switzerland. He has talked at top-tier information security conferences such as Black Hat, DEFCON, and RSA about applications of cryptography and quantum technologies. He designed the popular cryptographic algorithms BLAKE2 and SipHash, and organized the Password Hashing Competition project. He wrote the 2015 book “The Hash Function BLAKE”, and is currently writing a book on modern cryptography for a general audience. JP tweets as @veorq.

Four Questions For: Tod Beardsley

Why do you believe it is important to have open source security software? Wouldn’t that make it easier for hackers to crack the code?
Yes, and this is a good thing! Open source is especially important for core security functions precisely because everyone can take a look at how the security is actually implemented. Hackers, researchers, academics, tinkerers — when everyone can see how security works, everyone wins. People can learn from both good implementations and bad, vulnerabilities can be discovered and disclosed before and while bad actors are exploiting them, and ultimately, open source can help promote a clear, concise, maintainable code base.
What are some easy security protections for companies to implement, especially companies that have never dipped their toes in any kind of security investment?
Companies who are new to the software distribution game should look to assembling, rather than inventing, their own software. Using standard libraries and frameworks can solve many “old” and “easy” computer security problems before they come up. While there are occasional cross-library vulnerabilities, the path of writing one’s own control software opens up a Pandora’s Box of unsanitized input and buffer overflows. Modern application frameworks tend to do a pretty good job at helping developers avoid 99 out of 100 “gotchas” in secure design.
With ransomware crime on the rise, how can everyday citizens protect themselves against being “held hostage?”
The security industry, as well as regular IT industry, has been advocating reliable backups for decades in the context of sudden and unpredictable disaster. A silver lining to the ransomware threat is that it helps promote the idea of backups in the face of malicious, rather than merely accidental, disaster. My hope is that ransomware is the emotional kick that people need to actually take backups and distributed data storage seriously.
What do you predict will be the next major issues in cybersecurity? What industries or devices are particularly vulnerable?
Distributed, malicious computing using a network of popular but insecure IoT devices seems practically inevitable; in particular, the massive install base of small office / home office (SOHO) routers. The problem with a router-hosted botnet is that these devices often don’t have a reasonable patch pipeline, so such infections can last a long time — potentially much longer than standard desktop and server malware.
We saw a hint of this in the “HackCensus” of 2012, where an unknown person temporarily took control of hundreds of thousands of insecure home routers to conduct mass portscanning. While the Carna botnet seems to have been short-lived, it’s only a matter of time before this large, installed base of ready-to-pwn devices gets marshaled into malicious computing again.
Tod Beardsley
Tod Beardsley is the Principal Security Research Manager at Rapid7. He has over 20 years of hands-on security knowledge and experience, reaching back to the halcyon days of 2400 baud textfile BBSes and in-band telephony switching. Since then, he has held IT ops and IT security positions in large footprint organizations such as 3Com, Dell and Westinghouse, as both an offensive and defensive practitioner. Today, Beardsley often speaks at security and developer conferences on open source security software development, managing the human “Layer 8” component of security and software, and reasonable vulnerability disclosure handling. He can be contacted via the many addresses listed at https://keybase.io/todb.

Four Questions For: Joseph Steinberg

You have written that there is no effective law enforcement to counter or punish cybersecurity attackers and hackers. How do you envision this changing in your lifetime? How can law enforcement and governments protect their citizens?
There are many reasons that cybercrime often goes unpunished today, and entire books could be written to answer how government and law enforcement can better protect citizens. There are many areas in which improvement is needed: Laws need to change, enforcement agencies need more flexibility to hire experts, international cooperation needs to be obtained (diplomatically, if possible), lawmakers need to invest time to stay current with technology knowledge rather than spend their time raising campaign funds, various sections of government need to listen not only to representatives of large corporations, but also to experts who often are independent or work for small firms, enforcement of laws needs to be uniform without regard for alleged perpetrators’ political connections or the political ambitions of prosecutors, stolen data needs to be treated as stolen property, etc.
If you have nothing to hide, what is there to worry about with regards to surveillance?
The argument that anyone who “has nothing to hide” doesn’t need to worry about surveillance is simply wrong, as surveillance undermines privacy, not just “hidden things.” How many people who consistently post about their successes on Facebook don’t mention when they fail at something important or when they are caught doing something that they should not have done? How many people who Tweet regularly tell the world about highly personal issues such as medical problems, marital fights, or embarrassing scenarios? How many people who share selfies also post photos of themselves taking their medicine for a chronic condition, crying over emotional pain, using the bathroom, or engaging in sexual activities? We all have private moments and negative experiences that we do not announce to the world or wish to have others watch. When people think about how much they wish to keep private, they start to grasp how dangerous surveillance can be. Not only may those performing the surveillance obtain our private information, but, if they don’t adequately protect it, the whole world may see it.
What do you believe are the biggest security risks to social media? What should users do to protect themselves against these risks?
While there are multiple issues related to social media security, the biggest risk is people making posts without understanding the consequences of those posts. Besides harming one’s personal relationships, professional career, or reputation, a problematic post can harm one’s employer’s brand image, leak its confidential information, lead to it being sued, or violate regulations. Oversharing information can even help criminals to craft highly-effective spear phishing emails, thereby undermining organizational information security and leading to major data breaches. While people should think about what they post, relying on people to “always do the right thing” is a recipe for disaster (think what would happen if we relied on people to practice good cybersecurity hygiene and did not issue them anti-virus software), which is why technology is needed to warn people in real time when they are making problematic posts, from whatever locations, devices, and accounts they make them.
What pieces of everyday technology are people using without realizing the cybersecurity threats behind them? What kind of data is being shared through things like wearables, smart phones, smart watches, etc?
The less something looks like a classic computer, the less people seem to think about cybersecurity when using it. Even though, in some ways, smartphones and tablets pose greater risks to information security than do laptop computers, for example; people often take fewer precautions with these devices than with their laptops. And, when it comes to wearables, or other connected devices, people almost never consider what security risks are created by utilizing the machines. How many people who have purchased connected televisions, thermostats, or refrigerators have truly thought about segregating those devices on separate networks, of monitoring those devices’ activity for anomalies, etc.? Probably only a small percentage. And smart-device manufacturers often don’t adequately address security either – since purchasers aren’t willing to pay more for it. And, that’s one of the reasons that denial-of-service and other forms of attacks are likely to leverage these devices going forward.
Smart devices don’t create risks only to the data that they house and process; the devices can become launching grounds for attacks against other devices, can be used to monitor network traffic from computers, can be used as zombies as part of distributed denial of service attacks, etc.
Joseph Steinberg is a respected cybersecurity expert, who is the founder and CEO of SecureMySocial, which recently brought to market the world’s first system to warn people in real time if they are making inappropriate social-media posts. Earlier, he served for a decade as CEO of cybersecurity firm Green Armor Solutions, and for five years in several senior capacities at Whale Communications, which was acquired by Microsoft. Joseph has been calculated to be one of the top 3 cybersecurity online influencers worldwide and is a frequent media commentator on cyber-related matters. He is the inventor of several cybersecurity technologies widely used today; his work is cited in well over 100 published US patents. He is a regular columnist covering cybersecurity for Inc. magazine (and earlier for Forbes), and has written several books on the field as well. Joseph also serves as an expert witness and consultant on issues related to information security, and is a member of the advisory board of multiple technology companies.
Twitter: @JosephSteinberg

Four Questions For: Ben Rothke

What do you consider to be the biggest challenges facing cybersecurity today?
Some of the challenges are: not enough information security staff. This is compounded in part by firms being unwilling to pay information security professionals market rates.
Solutions are being rolled out before adequate security review. Think IoT.
Complexity of systems combined with interconnectivity of many systems leads to myriad avenues for attack. Remember, an attacker only has to find one opening. The owner of the system has to protect every opening.
Will hackers eventually shut down hospitals, break into our medical devices and inflict physical harm on people?
Eventually? Actually, this is old news. In the last few months Hollywood, CA Presbyterian Medical Center paid $17,000 in bitcoin to ransomware hackers, MedStar Health reported malware had caused a shutdown of some systems at its hospitals in Baltimore, and Methodist Hospital and Prime Healthcare both had phishing-based ransomware attacks. There are many reasons why hospitals are the perfect targets for ransomware and other types of attacks. Hospitals have long built applications with an emphasis on speed and availability, as opposed to security. That makes sense, as an emergency room physician shouldn’t have to search for their SecurID token to use the defibrillator. The downside to that is the easy-access approach to defibrillators often translates into easy access to master patient databases. For a large medical center, that means that millions of records are at risk due to lax information security controls.
Balancing ease of use and strong security controls is a challenge, but acutely so in the medical field.
As to medical devices, some of the manufacturers thought their information security people were as smart as their pharmaceutical engineers. The reality was at times not like that and medical devices were produced without effective security controls.
The following horror story is not atypical: when I was at British Telecom Professional Services, we had proposed a large project to assist a cardiac device manufacturer with their product. Bruce Schneier was with BT at the time and was in a speaking tour of Europe. We arranged that Bruce would stop there and give them an hour-long briefing on the importance of medical device security. They completely misunderstood his message and thought they could do it on their own.
Considering all of the hacks into our governments’ and political organizations’ servers, how likely is it that we will see our voting systems successfully hacked?
I wrote a piece in 2001 titled: Don’t Stop The Handcount; A Few Problems With Internet Voting.
The same problems that existed then exist now. Considering we can’t keep guns and drugs out of maximum security prisons, it’s ridiculous to think the US Government could deploy a voting system that isn’t highly vulnerable to attack.
It is actually a difficult task to create a voting system to support hundreds of millions of users, in tens of thousands of physical locations, managed by people who often have little to no technical background. It’s not that a tamper-resistant voting system can’t be developed. It’s just that we won’t see it for at least a decade.
What is there to be positive about (in regards to cybersecurity) in the face of security threats, cyber warfare and government hacks?
In the past, security was all about fear, uncertainty and doubt. Now, hardly a day goes by without a story in the Wall Street Journal or Financial Times about information security. That makes the job of selling security much easier.
Many more universities are offering computer security training for computer science graduates, so the pool of those with computer security training is much greater.
Security awareness is also required for standards and requirements like ISO/IEC 27001 and PCI DSS, so the trickledown effect means that the information security awareness level is going up for the rank and file employees.
Ben Rothke, CISSP, PCI QSA is a Principal Security Consultant with Nettitude, Ltd. He has over 15 years of industry experience in information systems security and privacy.
His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design & implementation of systems security, encryption, cryptography and security policy development, with a specialization in the financial services and aviation sectors.
Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and is also a frequent speaker at industry conferences, such as RSA and MISTI.
Twitter: https://twitter.com/benrothke
Blog: https://www.rsaconference.com/blogs?category=security-reading-room