Believe it or not, Christmas is just a week and a half away.  It seems like yesterday we were talking about Thanksgiving, Black Friday, and Cyber Monday, and all of the great deals that were coming out.  Now it’s time to gorge ourselves with yet another huge meal, and most importantly, to spend time with family and friends, and ring in 2020. 

Speaking of which, there have been many news headlines as of late predicting what 2020 will bring in.

I will write about that closer as we approach the New Year.  But anyways, apart from all of the shopping whether it is online or at the brick and mortar stores, there is a good chance that many of us will be travelling as well.  I won’t be personally, but I know some members of my family will be. 

With this in mind, one has to be even extra careful and mindful in taking extra security precautions in protecting your Personal Identifiable Information (PII).

In this regard, a recent market research study that was conducted by an organization known as “Coronet”, revealed the most insecure as well most secure cities in the United States.  The report is entitled the “Cybersecurity in the City: Where Small Businesses Are Most Vulnerable to Attack”, and it can be downloaded from this link:

https://coro.net/wp-content/uploads/2019/12/Coronet_Americas_Most_Insecure_Cities.pdf?utm_source=media&utm_medium=pitch&utm_campaign=City_Data_Report

According to this research, here are the most Cyber vulnerable cities:

Las Vegas
Houston
New York City
Miami-Fort Lauderdale
Harrisburg-Lancaster
West Palm Beach-Ft. Pierce
Hartford-New Haven
Birmingham
Indianapolis
Sacramento-Stockton

And, here are the most Cyber secure cities:

Salt Lake City
St. Louis
Seattle-Tacoma
Austin
Albuquerque-Santa Fe
Phoenix
Oklahoma City
Cincinnati
Columbus (OH)
Cleveland-Akron

You may be wondering at this point what sort of parameters were used in determining the above.  Well, according to Coronet, the network information and data were collected from the following sources:

*Over 1,000,000,000 endpoints;

*Over 24,000,000,000 networks were examined, in particular both public and private W-Fi based ones;

*Over 324,000 hosted accounts which includes the likes of Drop Box, Box, Slack, etc.  Not sure how access to these accounts were granted, it was not revealed;

*Over 270,000 Email accounts, which included Gmail, Yahoo, Hotmail, Outlook, etc.  Again, the specifics on how access to them were not revealed.

All of this network-based information and data was collected over a 12-month timespan, in which some 95,000,000 triggered events were examined.  So, it is an exhaustive study, and a lot of time and due diligence did take place before publishing the results. 

In fact, this is one of the very few studies that I have come across that actually reveal the parameters that they used in conducting their respective research.  So, from me, they get a huge kudos for doing this.

But now you may also be wondering at this point, what was the methodology that was used in ranking these cities?  Well, Coronet also revealed that as well.  According to them, various mathematical and statistical algorithms (which are of course proprietary in nature) were used to analyze the network information and data based upon the amount of damage that could happen. 

It is my assumption that from here, some sort of aggregate score was calculated, in order to rank the cities.

Also, the endpoints on the network connections were examined as well for any misconfigurations that may occurred upon them.  In this instance, probably the most common one is simply using the default settings as established by the vendor from which they were procured, rather than setting the thresholds to the unique needs of the business in question.

Finally, any sort of malicious activity that took place on these endpoints (such as those Phishing, Malware, Ransomware, etc.). were also taken into consideration and used in calculating the overall score for each major metropolitan city that was ranked.  The only matter I have a question on is how they got access to the Cloud based SaaS and Email accounts, LOL.

When evaluating the list of above cities, it is not really too surprising to see that the major cities are the most prone to Cyberattackers.  As the study concluded, these geographic areas are much in higher in terms of population densities, as well as tourism. 

With the latter group of people, obviously security is the last thing that they would take into consideration when visiting all of the attractions of a big city.

In terms of the most secure cities, I am not at all surprised to see Austin at near of the top of the list.  After all, this area, and in fact all of Texas, is booming in terms of tech growth.  I have heard quite a many of times that Austin in particular, is supposed to be the next Silicon Valley, with the primary advantage being that it will be much cheaper than living in the Bay Area.

But I am quite surprised to see that three major cities from Ohio actually made the list, all at once.  I actually went to grad school there, and it is actually a booming state as well in terms of economic growth as well. 

You don’t hear it about in the news as much as Texas, but economic conditions are great over there.  After all, the state consists of various major cities which include Columbus, Cincinnati, Cleveland, etc. which are all located strategically throughout the state.

My Thoughts On This

Coronet put in a disclaimer in this study that while the large cities in the United States are a prime target for the Cyberattacker, even the smallest ones which nobody has even heard of are also at prime risk as well, and the mom and pop businesses that exist in them. 

This is so true.  As I have written about before, there is no geographic or time boundary for the Cyberattacker.  They can attack from anywhere in the world that they want to, and at any time. 

In fact, they do not even have to reside in a particular place.  If they are covert and smart enough, they can launch a Cyberattack from Shanghai but yet point the trails of attack origination in Vladivostok (which is in Russia). 

But in terms of here in the United States, probably the most important thing that you need to concerned about when you travel is from which Wi-Fi hotspot you log into.

My advice is never log into a public Wi-Fi at the airport, or at of the local cafes or restaurants that you may visit as you travel.  If you have to, try to use your Smartphone to do any Internet related stuff, or even use that device as well and connect to its hotspot. 

All iOS and Android have this particular functionality, and at least it offers the security mechanism of a sort of, hard to guess password.

If you have to use your tablet or notebook, do it only from a secure network connection, such as your friend’s or relative’s house, as you visit them.  It is important to keep in mind, that especially at the airports, a Cyberattacker can also be physically present at these locations and collect all of your PII from a network sniffer tool that is concealed on their person. 

For example, the person that is sitting right next to you at the airport restaurant could be very well a Cyberattacker with a portable network sniffer in their pocket, and they could appear to be the nicest person in the world to you.

Just something to really about.  In fact, Coronet also conducted a recent as well as to the most insecure airports in the United States, and that can be downloaded from this link: