Image: Getty Images
Representatives from Google, Facebook, and Twitter on Friday appeared before an Australian security committee as a united front, spruiking the idea that they’re all working together to thwart nefarious activity, such as violent extremist material, from proliferating their respective platforms.The trio told the Parliamentary Joint Committee on Intelligence and Security as part of its inquiry into extremist movements and radicalism in Australia that the effort is a joint one and that the best way forward was to not actually legislate a ban of all mentions of content deemed inappropriate.”We all know combating terrorism and extremism is a continuous challenge. And unless we can completely eliminate hate and intolerance from society, there’s going to be hate and intolerance online,” Facebook Australia’s head of policy Josh Machin said. “It’s also a shared challenge between governments, industry experts, academia, civil society, and the media.”Asked about what the Australian government could do to help the platforms with such a mammoth task, Twitter’s senior director of public policy and philanthropy in the APAC region Kathleen Reen said it would be incredibly problematic to use a blunt force instrument like a ban.”One of the things that’s really important in order to really de-radicalise groups to ensure healthy, cohesive, inclusive, and diverse communities, is to make sure that there’s awareness, discussion, interrogation, and debate, and research about what the problems actually are,” she said. “If you ban all discussion at all about it … you may find yourself effectively chasing it off our platforms where the companies are working to address these issues, and pushing it out into other platforms.”Reen suggested, instead, for “deep work” with academic and civil society experts, as some examples, that considers how to create “cohesive communities when you’re also trying to stop those bad actors”.

“To be clear, stopping the conversation entirely won’t address the problem in our view. In fact, it’ll make it worse,” she said.Facebook, Twitter, Google-owned YouTube, as well as Microsoft in June 2017 stood up the Global Internet Forum to Counter Terrorism (GIFCT) as a collective effort to prevent the spread of terrorist and violent extremist content online. There are now 13 companies involved.The GIFCT shifted its focus in the wake of the Christchurch terrorist attack and the call to arms New Zealand Prime Minister Jacinda Arden made by way of the Christchurch Call. Reen said the Call was a “watershed moment”. “It was a moment for convening governments and industry and civil society together to unite behind our mutual commitment for a safe, secure, and open internet. There was also a moment to recognise that wherever evil manifests itself, it affects us all,” she said.Reen said the group is hoping to add more names to the GIFCT.”We’re looking forward to expanding these partnerships in future because terrorism can’t be solved by one or a small group of companies alone,” she said. Part of expanding the platforms involves working with smaller, less known platforms, with concerns an unintended consequence of eliminating hate from the more popular ones will result in echo chambers elsewhere.”We know that removing all discussion of particular viewpoints at times, no matter how uncomfortable they may seem, we’ll only chase extremist thinking to darker corners of the internet, to other platforms, and to other services, services that may be available in Australia,” Reen said. “Services that may or may not have been invited to participate in such conversations and critical debates about what to do next.”Google Australia’s head of government affairs and public policy Samantha Yorke believes there is clearly an opportunity for the big mainstream platforms to play a role.”The only ‘watch out’ for us all in the context of this particular conversation is just around privacy issues that would inevitably pop up around behavioural profiles and sharing information about specific identifiable users across different companies and platforms,” Yorke said. “There’s some obvious areas where there would be privacy implications there, but … it’s an area that I think is ripe for further exploration.”Twitter initiated a URL sharing project, which has since been inserted into the greater GIFCT work. She said since inception, about 22,000 shared URLs have been put into that database.”It speaks to the importance of experimentation,” she said. “And I think it also speaks to the importance of transparency around these processes.”Similarly, YouTube also has an “intel desk”, which Yorke said is essentially tasked with surveying what’s happening on the web more broadly, identifying emerging themes or patterns of behaviours that might be taking place off the YouTube platform, but which may manifest in some way onto YouTube. “It’s seeking to develop a little bit more of a holistic view of what’s going on out there,” she said.The trio agreed with Reen’s view that there is the opportunity for the Australian government to potentially dig deeper into these partnerships more.Appearing before the committee on Thursday, Australian eSafety Commissioner Julie Inman Grant was asked why a Google search for the Christchurch terrorist’s manifesto returns results. “We’re not going to the war with the internet,” she said.MORE FROM THE INQUIRYAustralia’s eSafety and the uphill battle of regulating the ever-changing online realmThe eSafety Commissioner has defended the Online Safety Act, saying it’s about protecting the vulnerable and holding the social media platforms accountable for offering a safe product, much the same way as car manufacturers and food producers are in the offline world.Home Affairs’ online team referred over 1,500 violent or extremist items for take-downThe department said the content it refers to social media platforms is beyond the actions the platforms themselves already take regarding the removal of items that incite hate or violence, or promotes terrorist ideals.Tech giants and cops at least agree thwarting terrorist or extremist activity is a joint effortSocial media platforms say they want to work with law enforcement and policymakers to stop their platforms from being used to promote extremist movements and radicalism in Australia. More

We conduct much of our digital lives on our phones, from online shopping and social media posting to bill paying and work emailing — which requires continuous access to a long list of passwords. The easiest (and most secure) way to keep track of logins, credit card information, and other sensitive data is with a password manager that integrates seamlessly on mobile, and there are a number of password management apps that work well for iPhone users. Also: The best password managers: Expert testedWhat is the best iPhone password manager right now?At ZDNET, we’ve tested a wide range of password managers on iOS to find the ones that securely store your data and make it easily accessible in apps and browsers when you need it. Our pick for the best password manager for iPhone overall is Bitwarden More

Most Brazilian companies have not increased their investments in information and cyber security since the Covid-19 pandemic emerged despite an increase in threats, according to a new study on perceptions of cybersecurity risk in Latin America since the start of the crisis.
According to the survey, carried out by consulting firm Marsh on behalf of Microsoft, 84% of organizations failed to boost their security spend since March 2020, even though 30% of those polled saw an increase in malicious attacks as a consequence of the novel coronavirus crisis, with phishing and malware being the most frequent types of occurrences.
Despite the increase in security threats, 56% of the Brazilian companies polled currently invest 10% or less of their IT budget in cybersecurity. According to the study, 52% of Brazilian organizations said investment in security has not changed since the start of the pandemic.

In terms of employee practices around security, only 23% of the Brazilian organizations that took part in the study said their workforce is using company-provided equipment to work. At a regional level, 70% of Latin organizations allowed their employees to use their personal devices following the shift to remote working.
According to the study this significantly increased exposure to some type of cyber incident, but remote access security is a priority for only 12% of respondents and the second item on the list for 7% of respondents.
Only a quarter of the Latin companies surveyed increased their cyber security budgets after the pandemic, while the increase in the data protection budget was 26%. Moreover, only 17% of organizations in Latin America have insurance against cyber threats.
“Many results found in this analysis are really worrying, such as the low rates of companies with insurance against cyber risks and security investment”, said Marta Schuh, cyber risks superintendent at Marsh Brazil.

“Now that companies are more exposed to remote work and the use of personal devices, it is worrying that few companies have increased their cybersecurity budget after the pandemic and some have even reduced this investment, despite the notable increase in cyber attacks”, she added. The study follows the news on massive data leaks in Brazil, which have emerged over recent weeks. More

[embedded content]
An unidentified hacker has accessed the computer systems for the water treatment facility in the city of Oldsmar, Florida, and has modified chemical levels to dangerous parameters.
News of the attack was disclosed today in a press conference by city officials.

ZDNet Recommends

The intrusion took place on Friday, February 5, when the hacker accessed a computer system that was set up to allow for the remote control of water treatment operations.
The hacker first accessed this system at 8 am, in the morning, and then again for a second and more prolonged intrusion at 1:30 pm, in the afternoon.
This second intrusion lasted for about five minutes and was detected right away by an operator who was monitoring the system and saw the hacker move the mouse cursor on the screen and access software responsible for water treatment.
Hacker modified lye levels
“Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It’s also used to control water acidity and remove metals from drinking water in the water treatment plant,” said Oldsmar Sheriff Bob Gualtieri.
“The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million. This is obviously a significant and potentially dangerous increase.”

Oldsmar city staff said that no tainted water was delivered to local residents as the attack was caught in time before any lye levels could be deployed.
According to Sheriff Gualtieri, the hacker disconnected as soon as they modified the lye levels, and a human operator set the chemical level back to normal right away.
Officials didn’t attribute the attack to any specific hacker group or entity. The timing of the attack is also of note as the city of Oldsmar is located near the Tampa urban center, which hosted the Super Bowl LV game on Sunday.
Not the first time
This is the second incident of its kind where a hacker has accessed a water treatment facility and modified chemical levels.
A similar incident was reported back in 2015-2016 at an unnamed water treatment facility, but investigators said the intruders didn’t seem to know what they were doing, making random changes, and investigators classified the intrusion as an accident rather than an intentional attack.
Another set of attacks took place earlier this year, but without as dire consequences. In the spring and summer of 2020, Israeli officials reported attacks against local water treatment facilities, water pumps, and agricultural irrigation systems.
Tel Aviv officials, which blamed the attacks on the Iranian government, said hackers tried to access the management panels of several types of smart water management systems and asked local organizations to change their passwords.
None of the attacks were successful, officials and local media reported at the time. More

A new survey suggests the majority of US executives have encountered a cybersecurity incident but this has not translated into the creation of incident response plans.

On Tuesday, Deloitte published the results of a new survey, taking place between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US) on today’s cybersecurity threats.  The research — including insight from those in CEO, CISO, and other leadership roles — suggests that nearly all US executives have come across at least one cybersecurity event over the past year, 98%, in comparison to 84% internationally.  The COVID-19 pandemic has led to an increase in cybersecurity incidents and it appears that the event rate may disproportionately have impacted organizations in the United States.  According to Deloitte’s research, 86% of US executives have noticed an uptick in attack attempts, a higher climb than that experienced by 63% of leadership worldwide.  Despite the ongoing risk of cyberattacks, US enterprise firms are not up to par when it comes to implementing defense and incident response initiatives. In total, 14% of US executives have no such plans, in comparison to 6% of non-US executives.  Problems including data management issues, infrastructure complexities, failures to keep up with technological advances, and missteps in prioritizing cybersecurity are all cited as challenges in coming up with workable cybersecurity plans. 

Over 2021, incidents including the Microsoft Exchange Server hacking wave, the ransomware incidents at JBS and Colonial Pipeline, and the DDoS attack against KT have highlighted the severe business disruption caused by successful attacks.  Of interest is that rather than malware, phishing, or data breaches being a top concern, 27% of executives said they were most worried about the actions of “well-meaning” employees who may inadvertently create avenues for attackers to exploit.  However, only 41% of organizations say they have implemented solutions to track and monitor the risk factors associated with staff access and behavior.  The research suggests that the common consequences experienced by today’s firms after an incident include disruption (28%), a drop in share value (24%), intellectual property theft (22%), and damage to reputation that prompts a loss in customer trust (22%).  In addition, in 23% of cases, a cyberattack can lead to a change in leadership roles. “No CISO or CSO ever wants to tell organizational stakeholders that efforts to manage cyber risk aren’t keeping up with the speed of digital transformations made, or bad actors’ improving tactics,” commented Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal. “Aggressive organizational digital transformations and continued remote work for some seem to be shining more of a spotlight on the human side of cyber events — both the cyber talent gap and the potential risk well-meaning employees can pose. We see leading organizations turning to advanced technologies to help bridge those gaps.”
Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More