Universal background checks really do cut gun deaths

Universal background checks really do cut gun deaths

Controlling who has access to guns has much more impact on reducing gun-related homicides than controlling what guns people have, researchers report.

As the US reels from three back-to-back mass shootings—which occurred within the span of eight days in Gilroy, California, El Paso, Texas, and Dayton, Ohio—Michael Siegel, a researcher at the School of Public Health at Boston University, says that mirrored analyses of FBI and CDC homicide data serve to “double down” on evidence supporting laws that work to cut gun deaths.

“Using completely different data sets, we’ve confirmed the same thing,” Siegel says. “The main lesson that comes out of this research is that we know which laws work. Despite the fact that opponents of gun regulation are saying, ‘we don’t know what’s going on, it’s mental health issues, it’s these crazy people,’ which doesn’t lend itself to a solution—the truth is that we have a pretty good grasp at what’s going on. People who shouldn’t have access to guns are getting access.”

Siegel’s latest study in the Journal of Rural Health reinforces previous research findings that laws designed to regulate who has firearms are more effective in reducing shootings than laws designed to control what types of guns are permitted. The study looked at gun regulation state by state in comparison with Federal Bureau of Investigation (FBI) data about gun homicides, gathered from police departments around the country.

The researchers’ analysis reveals that universal background checks, permit requirements, “may issue” laws, and laws banning people convicted of violent misdemeanors from possessing firearms can, individually and collectively, significantly reduce gun-related deaths.

It’s a particularly compelling finding because in March 2019, Siegel and collaborators drew virtually the same conclusion by analyzing state laws in comparison with death certificate data the Centers for Disease Control and Prevention (CDC) collected nationally.

In that study in the Journal of General Internal Medicine, Siegel’s team analyzed 25 years of national data to examine the relationship between 10 different types of state laws and the number of deaths by homicide and suicide in all 50 states.

The National Institute of Justice and the Robert Wood Johnson Foundation Evidence for Action Program funded the studies.

State gun laws requiring universal background checks for all gun sales resulted in homicide rates 15% lower than states without such laws. Laws prohibiting the possession of firearms by people who have been convicted of a violent crime were associated with an 18% reduction in homicide rates.

In contrast, Siegel found that laws regulating the type of firearms people have access to—such as assault weapon bans and large capacity ammunition magazine bans—and “stand your ground” laws have no effect on the rate of firearm-related homicide. The researchers did not find that any of the state gun laws they studied were related to overall suicide rates.

Universal background checks, which have long been a top priority for gun control advocates and policymakers in the United States, appear to have the biggest impact. Though there has been a push for federal gun regulations in recent years, the power to legislate gun sales and gun ownership is largely beholden to the states. And according to Siegel, the data doesn’t lie. The average firearm homicide rate in states without background checks is 58% higher than the average in states with background-check laws in place. As of 2017, only 13 states, including Massachusetts, had laws requiring universal background checks.

Here, Siegel explains the findings of these two studies:

The post Universal background checks really do cut gun deaths appeared first on Futurity.

Source: Universal background checks really do cut gun deaths

How Identity Security Improves Your Business Processes

How Identity Security Improves Your Business Processes

Overall, we tend to think of cybersecurity as just that: security. It protects us from digital threats and malicious actors. Yet we also tend to think of it as a giant fence; it surrounds our IT environment where all the important business processes occur. Cybersecurity—identity management and security in particular—constitute a barrier to entry for normal transactions and communications.

However, this doesn’t reflect reality in the modern digital workplace. In fact, identity security can improve your business processes. Here are the ways identity management can make your business processes smoother and more productive long term!

How Identity Security Improves Your Business Processes

Without IAM: Cloud Environments Unruly

Enterprises migrate to cloud and hybrid environments more and more each passing day and the reasons why prove obvious. The cloud offers:

  • Faster communications.
  • Easier collaboration.
  • More productivity.
  • More flexibility.
  • A stronger bottom line.

However, the cloud offers its own challenges. Often these take the form of security challenges: who can access what from where, in addition to a porous digital perimeter.

However, it also presents some unique challenges to business processes. If everyone can access everything on the cloud, how does your chain of command look? Who is responsible for which project? How do you know only the necessary employees have the right access? What if you need someone outside of those employees?

With IAM: More Control Over Cloud Environments

Identity security can improve your cloud business processes. First, identity security ensures your business processes stay safe regardless of the environment. In fact, identity allows your enterprise to protect your users wherever they work—inside the network or outside of it. This allows them to move smoothly and securely while fulfilling their day to day tasks.

Further, identity security allows for scalability to match the limitless potential of cloud environments. As you grow your business on the cloud, your identity management solution should facilitate adding more users to the network.

Simultaneously, identity management—specifically identity governance and administration (IGA)—can help you maintain control over your cloud business processes. IGA allows your business to tightly control the access each user possesses, allowing for more streamlined workflows. Also, you can give employees temporary permissions for special projects, which automatically revoke to prevent access creep.

Without IAM: Password Problems

Think about passwords for just a second: are they really convenient?

Of course, we could list all of the security issues that accompany passwords and other forms of single-factor authentication:

  • Users repeat their passwords, which increases the risk of a credential stuffing attack.
  • Most passwords exist in some form of the Deep Web for easy malicious use.
  • Employees frequently share their passwords with one another or write them down.
  • Even novice hackers can guess users’ passwords through information publicly available on social media.

However, the above list focuses on the cybersecurity aspect of passwords. What about convenience? Sure, passwords represent a known quantity, but think of all the headaches that come with them.

For example, employees tend to forget their passwords—unsurprising given how many passwords the average user commits to memory; actually, each employee may have 100 accounts to keep track of on average.

Whenever an employee forgets their password, they call your Help Desk to retrieve or reset it. This easts up valuable time in more than one way. Your employee has to wait for the password, letting precious work time slip by unused. Meanwhile, your Help Desk must let other critical tasks go unfulfilled and thus create a long wait for other employees.

It certainly doesn’t sound convenient.

With IAM: Streamlined Logins and Authentication Protocols

Some of you reading this may have lifted an eyebrow at this claim. After all, isn’t identity management authentication notorious for impeding the user experience and causing delays in business processes? Don’t employees work faster if they remain familiar with the system—which always means sticking with the legacy identity management solution?

This may have been true back in the legacy identity management heyday. But you may find it far from true now.

Focusing on your business processes, let’s look at the opposite of single-factor authentication: multifactor authentication (MFA).

In modern MFA, many of the factors used for authentication take place behind the scenes. These include:

  • Geofencing.
  • Time of Access Request.
  • Device Registration.

Sure, the user experiences a login experience not all that dissimilar to a “traditional” one. However, their identity remains under heavy scrutiny during login.

Moreover, next-generation multifactor authentication doesn’t end at the login stage. No one can overstate the importance of this distinction. Most legacy identity security solutions allow free reign after login, which lays out the welcome mat for hackers.

Yes MFA presents so many obstacles most hackers choose instead to target low-hanging fruit. Yet assuming invincibility never did anyone good in the long term. You should constantly evaluate your users’ identities and their intentions. Through continual behavioral analysis, you can do that.

Also, you can deploy behavioral analysis—including monitoring typing behavior—quietly.

Without IAM: Constant Risk

Unfortunately, identity management and cybersecurity don’t just work as a gate. They need to become full-fledged aspects of your business processes if you aim to succeed.

Think about the consequences of a data breach—the majority of which begin with stolen or cracked credentials. A single breach costs more than just finances pilfered and legal fees paid (both of which prove substantial by themselves). You also need to consider the damage to your enterprise’s reputation, its customer loyalty, and its attractiveness to new customers.

After all, consumers and clients are statistically less likely to patronize a business if they feel their data is handled carelessly. Think of the damage that attitude could do to your long term growth.

In other words, your business processes may truly be next-generation. It won’t matter in the wake of a data breach due to missing identity security.

WIth IAM: Better Business

Incorporating IAM into your business processes creates a digital perimeter which deters most hackers. Sure, you should still engage in threat hunting and have an incident response plan ready. But you can rest assured you took every step possible to keep yourself secure. Your customers and employees will thank you for it.

Ben Canner

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.

Source: How Identity Security Improves Your Business Processes

Identity Theft and Cyber-Fraud in the UK Hit All-time High

Identity Theft and Cyber-Fraud in the UK Hit All-time High

In 2017 the risk of fraud continued to evolve and intensify in the UK; identity fraud hit a new all-time high and cyber-enabled fraud accounted for an even greater proportion of the growing problem, according to the 2019 Fraudscape report.

In 2017 more than 305,000 instances of fraudulent conduct were recorded to the National Fraud Database:

  • Identity fraud continued to rise, hitting an all-time high of 174,523 cases in 2017 (up one percent from 2016). 95 percent of these cases involved the impersonation of an innocent victim.
  • Eight out of 10 fraudulent applications were made online.
  • There was a 27 percent increase in 14-24 year olds becoming ‘money mules’.
  • Overall bank accounts identified as being used as ‘mule’ accounts were up by 11 percent.
  • More than a third of bank account takeover victims were over 60-years-old.
  • Organizations successfully prevented over $1.6 billion in fraud losses through non-competitive data sharing.

This ‘retargeting’ by identity fraudsters can be seen as a shift towards more accessible products, such as mobile phone contracts, online retail accounts, retail credit loans and short-term loans.

Source: Identity Theft and Cyber-Fraud in the UK Hit All-time High

5 HIPAA Data Breaches Lead to $3.5M OCR Settlement

Source: Xtelligent Media | Health IT Security

February 01, 2018 – Fresenius Medical Care North America (FMCNA) recently agreed to a $3.5 million OCR settlement following allegations that it committed HIPAA violations on five different occasions at separate FMCNA covered entities. FMCNA provides product and services for individuals with chronic kidney failure, and has a network including dialysis facilities, outpatient cardiac and vascular labs, urgent care centers, hospitalist, and post-acute providers.
DOD Wants to Transform Its Authentication Technology

DOD Wants to Transform Its Authentication Technology

This article is very interesting, Nimbus-Key system could be the solution for their problem (Jose Bolanos MD).

The Defense Department has been trying to kill the Common Access Card for a long time. Before it does so, it wants to make it more like a commonly used authentication measure: the Personal Identity Verification (PIV) card.

Former DOD CIO Terry Halvorsen announced a two-year plan in June 2016 to move away from the CAC.

The CAC is a “smart” card about the size of a credit card, and is the standard identification issued to active duty uniformed service personnel, selected reserve, DOD civilian employees and eligible contractors, the DOD notes. It is also the principal card used to grant physical access to buildings and controlled spaces, and it gives users access to DOD computer networks and systems. Last year, the DOD tested alternatives to the CAC.

Before that replacement process is complete, the Pentagon wants to evolve the CAC to make it more like the PIV card, Andy Seymour, the DOD’s public key infrastructure manager, tells Federal News Radio. The goal is to bring more security and interoperability to the DOD’s authentication technology.

SIGN UP: Get more news from the FedTech newsletter in your inbox every two weeks!

Directives Forthcoming for PIV Authentication

The PIV card was established during the George W. Bush administration under Homeland Security Presidential Directive-12. The PIV authentication certificate helps a federal user prove their identity to get access to secure systems and data. PIV cards allow users to receive, store, recall and send information in a secure manner by encrypting the data, the Veterans Affairs Department notes.

According to the National Institute of Standards and Technology (NIST), PIV authentication certificates on PIV cards (called “certs” for short in the IT security community) are “issued in a manner that satisfies the requirements for level of assurance 4 (LOA-4) for identity proofing, tokens, and token and credential management.”

“We are on the verge of releasing directives to the services that says you have 18 months to unlock the PIV certificate authentication that is currently on the card and start utilizing that for logical access,” Seymour tells Federal News Radio. “We are seeing the requirements that support PIV identity cert are more than what the CAC cert has.”

What’s behind the move? Seymour says “one of the big drivers” is to achieve “interoperability across the entire government space,” and not just DOD. The changes have been circulating in the military service branches for months and should not come as a surprise, according to Seymour.

“The identity management experts that I work with across the services all understand it. They all get it and know what it takes,” he tells Federal News Radio. “The Air Force folks already utilize this for other capabilities. They understand the PIV [authentication] and the certificate is on the CAC as we speak right now.”

In some of the military services, these authentications and certificates are locked and not viewable. For others, they can be unlocked.

There will likely be some hurdles ahead for DOD components, Seymour acknowledged. “They know it’s coming and they know it will be a challenge to reconfigure because you now have to look at the PIV [authentication] certificate instead of the CAC ID,” he says. “Some applications may have been using the email cert as identification and we will ask them to use the PIV [authentication] at the application level as well.”

The Benefits of a New Approach to Authentication

DOD likely wants to embrace the authentication approach taken by PIV because of how its authentication works. Federal News Radio reports:

NIST says the benefits of using the PIV authentication is systems and applications are using one certificate to perform a digital signature operation through the private key associated with the certificate, and that the system performing the authentication can verify the signature while also validating the certificate itself.

PIV cards can be used to access high-value systems and systems that require fewer security protections.

DOD is exploring other ways to improve the CAC, including something known as the opacity, which, Federal News Radio reports, “is protocol to protect contactless communication between the card and the system, and adding encrypted certificates that will let users do tap-and-go authentication.” This is crucial for first responders and others who need quick access to systems or facilities, the publication notes.

The effort to evolve beyond the CAC is an ongoing process, Seymour says. “The CAC is the anchor for everything for the DOD — physical access, logical access. It’s so difficult to try to do away with that and replace it with something else,” he says. “We are looking at a lot of multifactor authentication capabilities. We are looking at identity federation services. We are looking at federation with our mission partners. We’ve also got a big mobility program coming out of the Defense Information Systems Agency called Purebred that is going to help us with derived credentials on things like cell phones and make that user experience more frictionless and seamless.”

Source: DOD Wants to Transform Its Authentication Technology

Nucleus Vision Adds Blockchain and Technology Experts

Nucleus Vision Adds Blockchain and Technology Experts

Nucleus Vision, the blockchain-based contactless identity management system and retail loyalty program powered by cryptocurrency, has today announced that Microsoft executive Ausaf Ahmad and digital currency experts Jaron Lukasiewicz and David Wachsman have joined as advisors to the company. Ahmad will serve as a blockchain technology advisor to Nucleus Vision. Lukasiewicz will advise the team on its business development and technical roadmaps, while Wachsman will guide the company’s long-term communications strategy.

See the press release below

Featured image: geralt / Pixabay

Nucleus Vision Adds Blockchain and Technology Experts as Advisors

Microsoft executive Ausaf Ahmad, blockchain veterans Jaron Lukasiewicz and David Wachsman join as advisors

New York, New York — January 18, 2018 — Nucleus Vision, the blockchain-based contactless identity management system and retail loyalty program powered by cryptocurrency, has today announced that Microsoft executive Ausaf Ahmad and digital currency experts Jaron Lukasiewicz and David Wachsman have joined as advisors to the company. Ahmad will serve as a blockchain technology advisor to Nucleus Vision. Lukasiewicz will advise the team on its business development and technical roadmaps, while Wachsman will guide the company’s long-term communications strategy.

Nucleus Vision CEO Abhishek Pitti said: “We are thrilled to have the support and guidance of Ausaf, Jaron, and David as advisors. Ausaf’s work managing Microsoft’s largest partners to drive blockchain and IoT innovation will be particularly helpful as we apply both technologies to the retail space, and Jaron’s vast experience as a blockchain entrepreneur and advisor to companies in the space will help us deploy and scale our platform for retailers. Furthermore, David’s experience developing media relations and communications strategies for the top companies in the blockchain space will prove indispensable as Nucleus Vision grows and scales.”

Ausaf Ahmad, the Internet of Things (IoT) and Blockchain Lead at Microsoft, has years of experience as a technologist. For the past two years, he has managed Microsoft’s largest and most influential partner ecosystem to drive key IoT and blockchain initiatives, along with overseeing key accounts for its Azure platform. Ahmad is also a veteran of Boeing, where he led analysis and design of commercial airplanes, and had a stint at Wall Street where he worked as an investment banking associate. Ahmad received his MBA from the Massachusetts Institute of Technology and his Master of Science degree in aeronautical engineering from Embry-Riddle Aeronautical University.

Ausaf Ahmad said: “I am very excited by the impact that Nucleus Vision will have on millions of customers and retailers around the world. Using its proprietary IoT sensor, Nucleus Vision is empowering brick-and-mortar stores to gain insights into previously inaccessible data about their customers. Add a blockchain-based loyalty program to the product offering, and you can see that Nucleus Vision is going to improve shoppers’ in-store experiences in clever and unprecedented ways.”

Jaron Lukasiewicz has been a notable figure in the cryptocurrency and blockchain industries since 2012. Lukasiewicz founded and served as CEO of Coinsetter, a New York City-based bitcoin exchange, which was acquired by Kraken, the world’s largest digital asset exchange in Euro volume, in January 2016. The sale was, at the time, the largest merger-and-acquisition deal in Bitcoin history. Lukasiewicz also served as CEO of Cavirtex (Canadian Virtual Exchange), the oldest and largest Canadian bitcoin exchange, which was also acquired by Kraken in 2016. Lukasiewicz graduated from Rice University on the President’s Honor Roll with a Bachelor of Arts in Economics.

Jaron Lukasiewicz said: “Nucleus Vision’s top-notch team and partnerships with a variety of industry leaders have primed the company for success. Its impressive application of blockchain technology to a real-world problem provides an innovative solution that will improve the state of the retail industry.”

David Wachsman is the Founder and CEO of Wachsman, the largest public relations firm specializing in digital currency and blockchain-based companies. Wachsman provides media relations, strategic communications, brand development, and corporate advisory services to many of the most indispensable companies in the financial technology, digital currency, and crypto-asset sectors. Wachsman represents prominent clients in the blockchain space, such as the Crypto Valley Association; Dash; Lisk; IOHK, the developers of Cardano; and Steemit. Previously, Wachsman led day-to-day operations for a boutique public relations agency in Manhattan and previously held roles in advertising, political affairs, and biotechnology.

David Wachsman said: “I am proud to join a project of the monumental vision and scope of Nucleus Vision. The company will radically transform the retail experience for millions of customers, and I am incredibly excited by this opportunity to develop a strategic plan for sharing Nucleus Vision’s milestones and achievements with the world.”

Due to high demand, Nucleus Vision closed its whitelist registration ahead of schedule on December 26, 2017, concluding with 47,146 registrants. Nucleus Vision plans to build the world’s first contactless identity management system and retail loyalty program powered by cryptocurrency.

For more information, please see the Nucleus Vision website at https://nucleus.vision/

Source: Nucleus Vision Adds Blockchain and Technology Experts

SaveSave