Don Mathis, Foreign Policy

DoD May Help Small Business Combat Cyber Attacks

Over the 2014 fiscal year, the United States Department of Defense invested $55.5 billion to small business prime contractors across 51,000 locations.

Despite this investment, small businesses remain largely at risk to increasingly sophisticated and damaging cyber attacks. Even small businesses tasked at supporting federal operations remain at risk to attacks. Lacking robust cybersecurity systems and other resources their larger counterparts have, small businesses remain under-equipped when it comes to protecting their business.

The sector continues to be vulnerable to both intentional and unintentional cyber threats. The GAO cites unintentional threats as anything from faulty networks to careless workers. Conversely, intentional threats include targeted and untargeted attacks from various sources.

A recent Government Accountability Office (GAO) audit revealed the extent at which small business remains susceptible to cyber attacks. While nothing has been confirmed the GAO, “recommends that DOD identify and disseminate cybersecurity resources to defense small businesses. DOD concurred with the recommendation and agreed to implement training events and education programs.” While the DOD’s Office of Small Business Programs (OSBP) is not required to provide such support to the small business sector, it is under consideration in light of the GAO’s findings.

One major finding from the GAO article was the sector’s unawareness of security resources that already are available. To counter this trend, the audit recommends the DOD disseminate these current resources to small businesses working in defense. So far, nothing is set in stone, but the DOD has agreed to launch training and education programs to educate defense small businesses with the adequate knowledge.

Though it is troubling to hear how small businesses as a whole are still behind on cybersecurity measures, there is hope that the trend will begin to change. Seeing as how small business accounts for 99.7 percent of jobs in the United States, every measure must be taken to ensure their safety from intentional and unintentional attacks. The current small business security infrastructure requires an upgrade to provide safety for customers and internal operations. With the DOD and GAO’s involvement, hopefully, we soon won’t need these sorts of audits to spark a change within the sector.

from Don Mathis: Cybersecurity & Tech

Don Mathis, Foreign Policy

Terrorism Prompts Governments, Tech Giants to Battle Over Encryption

The latest wave of terror attacks across the globe once again stoked the fire that is the encryption debate.

In the United States and U.K., the debate has prompted law and policy makers to explore where encryption technology stops helping its users and instead potentially hurts the general public. This new level of concern has both the public and private sector concerned about where the line is drawn–if one will be established at all.

Apps like Signal, Wickr and Telegram are on the front lines of the debate. These and other similar apps have been used or alleged to have been used, for communication amongst terrorists and the terror cells they coordinate with. In the case of Telegram, the app has not had credible evidence to say groups like the so-called Islamic State used Telegram to encrypt its messaging. However, it is clear that the app and others were used by IS to announce its involvement in the attacks in Paris and the downing of the Russian airliner in Egypt.

In the U.S., it’s not just politicians looking to revise encryption standards. FBI Director James B. Comey recently voiced his concern. In light of evidence that the terrorist behind the Garland, Texas Muhammed drawing contest had more than 100 encrypted text messages, Comey believes the government and its agencies should have a way to circumvent the current walls for the sake of public safety. “We have no idea what he said because those messages were encrypted,” Mr. Comey said. “And to this day, I can’t tell you what he said with that terrorist 109 times the morning of that attack. That is a big problem. We have to grapple with it.”

Despite running into a wall from the Obama administration earlier this year on the subject, Comey and others believe the latest wave of violence should allow for the topic to be discussed again.

In the U.K., the Investigatory Powers Bill is proving quite divisive over similar issues. In short, the IPB would require web and phone companies to store users’ website records, allows law and security services to hack into phones and computers, places obligations on companies to assist the organizations in skirting encryption and several other key points you can see here. The bill would stop short at banning encryption, much like the efforts in the States. Instead, the move would curtail the strength of encryption so it can be broken when needed. This means Apple, Google and others in the sphere won’t be able to offer advanced encryption to its users. In a not so surprising response, Silicon Valley and other tech giants are pushing back.

While politicians and authorities that include Comey and Prime Minister David Cameron believe companies shouldn’t be allowed to create a secure space where terrorists and other criminals could use end-to-end encryption as a “safe space” from authorities, tech giants stand in opposition. Apple CEO Tim Cook is one adamant detractor. Last year he wrote that “I want to be absolutely clear that we have never worked with any government agency from another country to create a backdoor in any of our products and services. We have also never allowed access to our servers. And we never will.”

From an outside perspective, this issue proves its level of divisiveness. While no one wants to see terrorists have a safe space to operate and plan its next atrocity, fears of government and law enforcement overreach do have credibility as well. With CISA and other bills moving through the U.S., both nations represent the front line of the latest privacy battle pitting the government against technology.

It remains to be seen what will eventually determine the line, but it is a subject that certainly impacts all of us regardless.

from Don Mathis: Cybersecurity & Tech

Don Mathis, Foreign Policy

2016′s Projected Massive Year in Cybersecurity

In this past December alone, news of two massive cybersecurity attacks within the U.S. power and security sectors made headlines. Additionally, companies find themselves at risk of attacks to their business as well. According to PWC’s Global State of Information Security® Survey 2016 had some key findings you can see below.


Screen Shot 2016-01-29 at 3.03.41 PM

From private to public sector, essentially everyone is moving towards what is ideally more secure data protection practices.

Some recent estimates I’ve come across estimate that 90 million cyber attacks happen across the world annually, costing $575 billion in damages and upgrades. With that, it’s no surprise that a Bank of America Merrill Lynch report estimates that today’s $75 billion a year industry sector should balloon to $170 billion by 2020. While these are just estimates and projections, the industry certainly is booming.

According to Cybersecurity Ventures’ Q3 2015 market report, the aerospace, defense, and intelligence industries will continue to spur the sector’s massive growth over the next five years. The report further cited an IDC study that states, “IDC predicts that by the end of 2015, 20 percent of proprietary data in the cloud will be encrypted – and by 2018, that will quickly rise to 80 percent.” Again, these are predictions but all signs point to a high probability this growth reaches this level to some degree.

Currently, North America and Europe serve as the top revenue generators for the industry. However, be on the lookout for emerging businesses and opportunities in the Asia-Pacific region. While China is the notable nation, many other nations in the region are emerging as a potentially massive market. In the United States, cybersecurity booms across the nation. A Cybersecurity Ventures’ November 2015 Hot Cybersecurity Companies to Watch list was largely leaning to U.S. companies. Milpitas, California’s FireEye took the top spot with businesses from Georgia, Florida and more from California rounding out the top five.

While nothing is certain, the cybersecurity industry appears to be a near certain when it comes to growth. In an ever evolving world where technology is cutting edge one day and obsolete the next, data security will remain a top demand unless a full-on disruption relegates this level of protection needless. Since none of that has been even discussed, it’s likely that 2016 will continue in 2015’s steps as a boom year for the business.

from Don Mathis: Cybersecurity & Tech

Don Mathis, Foreign Policy

Where Do You Stand on CISA?

Source: phylevn

Source: phylevn

The Cybersecurity Information Sharing Act, or CISA as it is commonly known, is the latest government proposed act to splinter the American public when it comes to cyber safety and privacy rights. As it heads towards a Senate vote, many in government and the private sector are voicing their opinions. Many standing in opposition to CISA claim that this is just a revamped version of past acts that failed to reach the amount of votes needed. Conversely, in light of the U.S. Office of Personnel Management (OPM) data breach, Sen. Chuck Schumer (D-NY) believe it is time we move forward.

Here’s an overview of what has the Internet in flux this time around.

What is CISA?

If passed, CISA aims to bolster cybersecurity for both the public and private sector. To make this claim possible, companies will be allowed to share cyber threat information with the government. From there, the business will have the authority to combat some threats internally without the government’s intervention. While that may reassure some, privacy advocates and cybersecurity experts question the lack of clarity and potential overreach the provisions could extend to.

Those in opposition cite the government’s current lack of specifics in the bill. As it currently stands, the proposed bill fails to spell out what information can and cannot be shared with the government. Without clearer interpretations of its reach, anti-CISA advocates believe the authorities could take too many liberties.

This Sounds Familiar

And it should if you’ve been following cybersecurity news over the past few years.

Despite passing a 2013 House of Representatives vote, Senate opted to not vote on the act. Additionally, the White House threatened to veto the act after amendments to the act weren’t clear enough.

In addition to CISA moving through government, the Protecting Cyber Networks Act (PCNA) is up for debate as it passed the House this past April. Additionally, the past few years have seen many bills in similar fashion come up for vote. Those include the Cyber Intelligence Sharing and Protection Act (CISPA), The PROTECT IP Act (PIPA) and Stop Online Piracy Act (SOPA).

In short, CISA and PCNA might be new in name, but both sides of the argument are quite familiar with the gist of its intention.

What Happens Next?

As the Daily Dot hypothesizes, a likely outcome could find CISA and PCNA merge into one bill under the PCNA name. From there, they believe it will pass through the House and Senate after resolving differences before the White House signs off on the bill.

At this stage, the White House has mentioned reservations on both bills. Though, these reservations are far from the prior veto threats. As the Daily Dot goes on to speculate, this version of the bill should pass if it stays the current course it is on.

For those opposing new legislation, their voice will need to be heard if they want to stop the act from going into practice. Much like Net Neutrality, the public has shown its ability to take on big cyber policy. However, with bipartisan support this latest proposal stands poised to succeed.

In such a sensitive issue, it is recommended that you do your own thorough and investigative reading on the issue. While some fear the overreach of the act, others do make valid points that cybersecurity issues must be addressed before another debilitating act hits private or government operations.

from Don Mathis: Cybersecurity & Tech

Don Mathis, Foreign Policy

How Social Advertising is Coming of Age

don mathis-social-advertising

“If you are digital, you must be social. Three years ago, it was experimental. It became something you kind of sort of had to have two years ago. You must have it today.”

I recently had the opportunity to share the stage with Kyle Harty and Wick Vipond from Allen Gerritsen at Ad Age’s 2015 Data Conference where we discussed social advertising and the power of its data. Social Advertising is coming of age, but is already an incredibly powerful medium. Through my work with Kinetic, I have been able to see its rise firsthand over the past few years. From established ad mediums like Facebook and Twitter to up and comers like Pinterest, each medium provides a creative space to engage followers in different ways.
In terms of reach alone, these platforms provide a brand ample opportunity to effectively reach and expand its audience:


With each platform comes specialization. If a brand brought the same approach to each platform, it would fail to reach its potential. Currently, users spend an increasing amount of time on most major social platforms. By harnessing each platform’s power, a brand can see exponential success while preparing to expand into other mediums.

A Kinetic partner, Sunoco, was used by the three of us during our presentation. In a bid to reach a bigger audience on social, we framed Sunoco as The Essence of Racing with its official fuel deals with most American racing sports. This subject may not seem like something up social media’s alley, but that all changed with Burnt Rubbér.

Starting with a three-month campaign, Burnt Rubbér became a series of  four unique promo videos and five still images. Through specializing for each medium, the campaign allowed users to engage closer with some of their favorite drivers–including a 39.4 percent Action Rate on Facebook. By breaking the campaign into individual pieces on Instagram, Sunoco began a fun dialogue with its audience. Now, plans call for Burnt Rubbér to launch on Pinterest soon.

In today’s digital arena, you must be engaging your audience with the appropriate content and approach on each social media platform. With a creative approach, brands can expand their audience and create a reputation as a leader in its sector when it comes to content. In doing so, a brand harnesses social media in a way that doesn’t leave its audience thinking it saw an ad, but rather an ingenious piece of content that just so happened to inspire their purchases. Watch the full video below!

from Don Mathis: Cybersecurity & Tech