Archive for the ‘Security’ Category

Everything You Needed to Know About Selecting the Perfect Encryption Solutions

The recent spate of malware, phishing, and of course, ransomware attacks has put the entirety of the IT industry on high alert. Businesses are paying more attention to security than ever before, and it’s no longer about getting a random encryption solution and being done with it. Far from it, encryption is only the beginning of a long but rewarding process of shielding your systems against the rising tide of virtual threats. Encryption by itself achieves nothing; you need to adopt several other steps and activities to keep your data far out of reach of hackers and other malicious entities.

Never Underestimate the Importance of Backups

The first thing you should realize is, encryption is a double-edged sword. On the one hand, there are hundreds of ways for your data to become compromised, so you can’t afford to be lax. On the other hand, if implemented incorrectly, the encryption process might just lock you out and prevent access to your own data. That’s why you should always remember to back up all your vital data. As an added precaution, take suitable measures to protect the backup data.

Different Kinds of Data Have Different Encryption Requirements

While on the subject of data protection, you must learn to distinguish between data in motion and data at rest. The former is the type of data that is accessed regularly or being sent. Data at rest, on the other hand, isn’t accessed, such as the files that are burned onto a CD and left on the shelf. Your primary target should be encrypting data in motion so that it is protected from any user who is not authorized to access that information. However, you should not neglect the data at rest entirely because you never know when it might become data in motion. Use encryption to minimize risks.

Find Out What Data Encryption Works Best For You

Usability, scalability, and adaptability – these are the three things every good encryption solution should aspire to provide to users. After all, the needs and wants of every business are different, which means the encryption solution must have the ability to fit those parameters. When the needs change, the encryption must cope with the changes as well. Thankfully, we now have lots of encryption solutions that are flexible enough to fulfill your requirements. Also, the encryption solution chosen must not take up a lot of time during implementation and should be easily understandable. Otherwise, the usability of the strategy takes a hit in the long run and makes everyday usage difficult.

Have a Fixed Budget in Mind

Unless you’re one of the high rollers of the IT industry, like Apple and Amazon, chances are you don’t have an unlimited encryption budget. So, what you need are ways to trim costs without having to sacrifice data protection quality. For instance, your business would do better to pick an encryption solution that is scalable, meaning you would have the opportunity to add new features, if necessary.

True, a scalable encryption solution costs more upfront, but think about it: Would you rather spend some extra money now on an adaptable solution, or keep on upgrading and renewing your program on a regular basis?

Plus, keep in mind that encryption solutions are available as perpetual licenses with annual support and maintenance costs, or as subscription licenses that offer more financial flexibility and provide the opportunity to manage costs. So, pick the model that suits your business needs the best.

Select the Right Encryption Level for Your Business

The complexity of deployment and security increases when encryption is implemented higher in the technology stack. At a high level, data encryption types can be broken out according to where they are employed in the technology stack. Four levels exist in the technology stack whereby data encryption is normally employed, viz. database, file system, application, and media or full-disk. The way it works is, encryption employed lower in the stack tends to have simpler and less intrusive implementations, but the types and numbers of digital issues that can be addressed by these data encryption strategies are also decreased. Employing the encryption solution higher in the stack enables organizations to achieve greater security and contend with bigger threats.

Do Not Pick Something Overly Complicated

When you first approach an encryption solutions provider, you will hear a lot of fancy words being thrown around, like “complex password rules”, “crypto algorithms”, and “granular configuration options”. Unfortunately, most of these features have no meaning unless you know how to wield them properly. And that means providing costly consulting services and training for your employees. Moreover, several advanced solutions place high requirements on the system environment needed to operate the software. Others rely on an existing, rolled-out public key infrastructure (PKI).

You need to clarify all these points before you invest a lot of money in the solution. Pay attention to multiple factors, including support for workgroups, central administration options, impact on existing user workflows, the division of power between a security officer and a system administrator, straightforward configurations, and emergency recovery in case of accidental key loss.

The thing is, you should never allow yourself to be waylaid by flashy technical gimmicks; always keep your eyes on the prize, which in this instance, is the perfect encryption solution for your business. Always go for the product that you think will be suitable for daily use in the long run.

The abovementioned points might not explicitly state the perfect encryption solution, but reading them can help you take a step in the right direction. They should provide you with more insight and help you formulate a more personalized strategy. Ideally, companies want encryption solutions that fit the needs of their business and ward off data attacks from all quarters without putting a huge dent in their budget. That might sound like a tall order, but considering the current state of digital affairs and the growing intensity of online threats, it is worth spending time and money to find a solution that meets all the criteria.

A Brief Overview of Threat Intelligence

In this volatile age of cybersecurity, the one constant has been the accelerating flood of crafty attack techniques that render organizations incapable of safeguarding the sensitive data in their care – be it attacks involving social engineering, malware, or any other advanced persistent threat. Threat intelligence, also referred to as cyber threat intelligence (CTI), is a sophisticated process that enables organizations to collect invaluable insights into contextual and situational risks that can be tied to the organization’s specific industrial processes, markets, and threat landscape.

The prime purpose of threat intelligence is to aid organizations in attaining a deeper understanding of the risks associated with recurrent and parlous external threats. Though threat actors may also include partner and internal (insider) threats, the emphasis should be on the types that will have the largest impact on the organization’s environment. The goal of threat intelligence is to gather indicators of compromise from varying sources, correlate them, and provide real-time analysis of security alerts so that they can be continuously monitored and examined by security analysts, who will be better equipped to take the right remediation steps.

Threat intelligence plays a key role in today’s cybersecurity landscape, and it has to be properly understood by IT admins working in the different domains of cybersecurity, especially those that work closely with incident response teams.

Stronger Together – A Case for Information Sharing

In a fast-paced digital economy, speed and efficacy are imperative. This means that the amount of data networks manage has exponentially increased, along with the number of devices connected to those networks. Enterprises cannot protect what they cannot see. So in addition to integrated security devices and increased performance, there should be a holistic approach that capitalizes on the value of threat intelligence and detects threat events from the vast volumes of available data. Threat intelligence collected from multitudinous sources, then processed and correlated, is the most valuable, effective, and actionable.

This ‘higher-level’ intelligence has historically been out of the reach of most organizations. In an attempt to bridge this gap, Fortinet along with Symantec, Palo Alto Networks and McAfee formed the Cyber Threat Alliance (CTA). CTA has since been established as an independent organization whose sole mandate is to provide security professionals with the technology and intelligence they require to identify an attack.

Crippling the Kill Chain: The cyber kill chain refers to the multi-phase process of how intruders launch their attacks. To win the battle against the intruder, organizations have to disrupt just one of those steps. CTA helps reduce time to detection by providing near real-time, high-quality cyber threat information sharing and operational coordination between organizations in the cybersecurity field. By utilizing contextual information about the attack, such as the way attackers stole credentials and sensitive data or the malware being used, organizations are able to get the upper hand, even if the hackers have already compromised the network.

Moving Forward With Threat Intelligence

Coupling the capabilities of threat intelligence with an organization’s hardware, software, and policy defense strategy improves the staff’s ability to look for advanced attacks, detect potential intruders, and profile aberrant malware. Current practice mostly involves sharing indicators of compromise (IOCs). As the community matures, the next step should be sharing more context to inform better decision making and direction on a defensive action plan. In order to achieve the promise of threat intelligence, organizations have to tackle and conquer their hesitancy to share information by maturing and expanding their circles of trust.

The cybersecurity industry still has to address the lack of funding, isolated security solutions, scanty correlation of threat data, and the growing shortage of qualified cybersecurity professionals. The end-game should be the automation of cybersecurity processes where possible, freeing up the finite pool of human InfoSec talent for more challenging tasks. Strides are being made in creating machine-learning and data science models that are capable of evaluating network traffic based on the collective knowledge of all previous external and internal threats to verify discrepancies that may evolve into threats.

In Closing

Enterprises solely rely on IT security risk management methods in an attempt to focus on security controls, but these methods have not evolved enough to effectively manage risk. To defend against modern attackers, enterprise security solutions have to be adaptable enough to include new techniques that enhance decision making. Adding threat intelligence to a security solution, whether via a service provider or an internal capability, helps organizations prioritize their security activities and focus on the areas that are likely to prevent attackers.

By using the right methods to identify, handle and prevent these issues, the cost of addressing these problems can be significantly reduced. With a healthy mix of threat intelligence, behavioral threat detection, and endpoint device monitoring, organizations can position themselves to stop intruders in their tracks and expel them from the network if they manage to get in.

Author: Gabriel Lando

The Importance of Endpoint Security in a Mobile-first, Cloud-first Era

The number of client devices within the enterprise has rapidly increased – endpoints such as tablets, smartphones, laptops and desktops. A single employee may have two or more endpoints that have been issued by the organization, on top of their personal devices. Multiply this by the number of end-users in the organization and the number of endpoints IT has to manage instantly becomes overwhelming. Each of these endpoints is a potential entry point for attacks against the organization’s network, systems, and sensitive data. Securing these endpoints from today’s threats calls for a mix of anti-malware capabilities and a high level of behavioral-based detection and visibility. This is where endpoint security comes in.

While the exact definition may vary among thought leaders in the cyber security space, in a nutshell, endpoint security refers to the process of ensuring that the endpoints connected to a network (end-user devices) are secured against the risks they present. Though often used interchangeably with endpoint security, the term endpoint protection can be used to describe the security solutions that address these risks. By equipping itself with these solutions, the organization has a chance to detect threat actors that use evasive tactics, reduce the amount of time it takes to handle attacks, and minimize the resulting damage.

The Current State of the Market

The online threat landscape is constantly evolving. There has recently been a lot of fuss concerning ransomware due to the rise in malware attacks. The new technologies used by hackers to penetrate systems require a different approach to prevent infection. Risk management and security leaders have to make sure that their endpoint protection platform (EPP) vendor evolves quickly enough to keep up with modern threats. Gartner describes an EPP as a solution deployed on endpoint devices to prevent file-based malware attacks, to detect and stop malicious activity from untrusted and trusted applications, and to offer the investigation capabilities required to respond to security incidents and alerts.

From Gartner’s recent Magic Quadrant for EPPs, we notice that the criteria for being listed in the market rose, and vendors now needed to demonstrate even more capability beyond previous core technology offerings. A 2017 Sophos-sponsored research study showed that 77 percent of surveyed ransomware victims running up-to-date endpoint security found out the hard way that they needed specialized protection. Following the high-profile Petya and WannaCry outbreaks in 2017, a whopping 98 percent agreed that having additional technologies such as anti-ransomware technology on the endpoint is important.

Though not all attackers rely on malware, malware attacks remain prolific and keep pounding endpoints relentlessly. The barrage of attacks has also been augmented by a growing volume of more complex threat activity. These attacks often use modified or specialized tradecraft to bypass traditional security controls like antivirus and firewalls. Endpoint Protection Platforms go beyond the mere prevention of malware attacks, with data protection capabilities such as data loss prevention, file and disk encryption, and even device control for the most exhaustive endpoint protection possible.

Facing The Mounting Endpoint Security Challenges

Looking back on the WannaCry ransomware attacks, some companies that were affected had the most recent operating system, just not the latest patch. This attack accentuated the perilous reality of outdated systems and the widespread nature of anachronistic technology that most companies are struggling with. When new vulnerabilities are identified, IT has to swiftly query endpoints to comprehend which devices pose the greatest risk and establish their level of exposure. After a remediation plan is established, security personnel should closely collaborate with infrastructure teams to make sure the highest-priority patches are rolled out as efficiently as possible to block the exploitation of these new vulnerabilities.

Endpoint landscapes are constantly evolving, and it’s no secret that keeping up with the changes can be arduous. End users perpetually download applications that haven’t been sanctioned by IT, some of which may contain harmful malware. Application and operating system patches are hard to prioritize and aren’t always applied successfully the first time, especially on roaming or remote endpoints with inconsistent corporate network activity or low bandwidth. The hard truth is that endpoint management is a constant battle. That’s why you have to have a solution that allows you to manage, discover and secure your endpoints faster, more consistently and more easily.

Critical Components of Endpoint Protection

Visibility – Securing endpoints calls for round the clock visibility into the activities occurring on those endpoints. Preventing attackers is less about signature-based detection and more about spotting malicious behavior. Understanding the actions attackers took when they penetrated the network is crucial for an organization to enhance its security posture after a breach.

Threat Intelligence – mainly involves gaining insight into potential attackers, their motivations, and their techniques. The more organizations focus on signs of malicious activity, the easier it gets to prevent those that would have, otherwise, slipped under the radar. Threat intelligence allows the enterprise to see the larger picture.

Endpoint Encryption – fully encrypts sensitive corporate data on endpoints, including mobile devices, laptops and other endpoints, as well as individual files, folders, and removable storage devices like thumb drives and CD’s.

Endpoint data loss prevention (DLP) – monitors and protects network traffic when the endpoint is on a remote network, ensuring sensitive data stored on the endpoint is kept safe. It also tracks other usage like cutting and pasting between apps, or even moving a file to portable storage.

Enterprise mobile device management (MDM) – allows IT admins to secure, control and enforce policies on tablets, smartphones and other endpoints. Enterprise MDM is essentially a suite of security controls that protects sensitive data on an endpoint.

Author: Gabriel Lando

Key Aspects of an Identity Access Management (IAM) Strategy

In today’s technology-driven business climate, employees require fast and simple access to data and other IT resources to complete their work. Access to these resources has to be tracked and protected to guarantee security and compliance with stringent IT regulations. As a result, IT admins have to deal with a growing number of challenges: assisting users with password issues, managing access to data and applications, provisioning users across multiple platforms, and more. Identity Access Management (IAM) facilitates the secure access of IT resources and services.

IAM ensures that users are who they say they are (authentication) and that they are capable of accessing the resources and applications they are permitted to use (authorization). It’s an integration of workflow systems that necessitates organizational think tanks who analyze and make security systems work efficiently. Processes, protocols, procedures and policies are linked to IAM. Security and identity applications are also crucial considerations.

Applications and standards of IAM include single sign-on (SSO), various application accesses, the maintenance of user life cycles, multi-factor authentication (MFA), as well as a directory for securely storing profile and identity data and data governance to ensure that only relevant and required data is shared. IAM solutions can be deployed on premises, offered by a third party via a cloud-based subscription model, or delivered as a hybrid IT model comprising an amalgamation of both.

Trends that have solidified IAM

Mobile Computing

Mobility is an important part of a modern enterprise. Organizations have adopted the bring-your-own-device (BYOD) approach to provide remote access to corporate data and business applications. IAM is a solid enabler of mobile computing and acts as a key component in mobile computing security. To enable these devices to access the organization’s resources efficiently and quickly, mobile devices have to utilize identification mechanisms that validate and/or verify the user. As a result, confirming the identity of a mobile device user safely facilitates the user’s access to business applications anytime, anywhere.

Cloud Computing

The rising demand for cloud computing services has made the IAM landscape more complex since control over access to corporate data is difficult to sustain in such an environment. The adoption of cloud computing solutions has resulted in a decreased reliance on network access controls and an increased reliance on logical controls provided by IAM services. These services facilitate the secure access of apps hosted on the cloud, while managing identities, including protecting personally identifiable information (PII). Managing virtual resources in a cloud environment calls for increased rights that, when compromised, may grant attackers the ability to commandeer valuable targets in the cloud.

Social Media

The world is more connected than it has ever been, and social media is at the helm of it. Organizations use social media to interact with clients and boost brand awareness; however, there are some resultant IAM risks that come with these technologies. Public relations, operations, and regulatory compliance are at the top of the list of potential social media risks. On top of using IAM to protect company-owned social media accounts, employees should also be educated on the importance of using social media with caution.

Data Loss Prevention

In this digital age, data is the lifeblood of the organization. IAM is the first line of defense when protecting said data. Data loss prevention (DLP) is a complementary information security discipline that can be improved when leveraged with IAM capabilities. IAM provides identity context to DLP tools to enhance monitoring capabilities. Controlling access to data reduces the likelihood of a data loss incident – limiting users with access to data results in fewer opportunities for data to be intentionally or inadvertently compromised by an external or internal user.

Stringent Compliance Requirements

Several governments require enterprises to pay close attention to identity management. Regulations like HIPAA hold companies accountable for controlling access to employee and client information. The most recent regulation that demands strong user access controls and security is the General Data Protection Regulation (GDPR). It mandates that organizations safeguard the personal data of EU citizens. Complying with these government regulations calls for the automation of several aspects of providing secure user access to data and enterprise networks. IAM systems relieve IT of monotonous but crucial tasks and help them stay in compliance with strict government regulations.

A properly implemented IAM strategy can help an enterprise deal with the fast pace of emerging technology trends. Below are some of the key aspects that should be included:

1. People are at the center of it

The most important stakeholder affected by an IAM strategy is the user. End users can make or break your security. Security is crucial but so is convenience. Significant efforts have to be made towards streamlining the process of accessing business data or applications. Authentication steps should be limited as much as possible. When the process of accessing emails or account portals seems too tedious or too long, people may seek quicker alternatives, inadvertently limiting the efficacy of your security controls. IAM solutions shouldn’t be exclusively used to control access by employees to business resources; a holistic IAM strategy should include identity and access management solutions for their clients.

2. It is Constantly Being Iterated

IT is continually evolving, but the speed of change in how companies of all sizes operate and interact has never been more frenetic. At its core, IAM aims to associate all activities within an environment with a specific device or user and report those activities. The best IAM strategies are constantly being iterated. Scopes and requirements have to be reaffirmed and success metrics have to be redefined, by assessing the current state of the strategy and defining its future state. Comprehensively auditing current processes and practices on a regular basis provides insight into exactly what types of systems are used by employees to transfer and share information.

3. Compliance is a top consideration

Current regulations governing the transmission and use of data are the direct result of State and Federal governments, and industry alliances, attempting to stifle the threat of data theft. It’s crucial to ensure that compliance guidelines and risk management are built into the identity management strategy. Privacy management and data access governance are an important aspect of IAM. They control who is capable of accessing user data and how they can share or use it. This means that organizations can be sure to meet the growing requirements of changing industry and global data privacy regulations like the General Data Protection Regulation (GDPR).

4. It Leverages Cloud Computing

Adding identity and access management tools to existing on-premises solutions is seldom secure or efficient. Since applications, devices and networks all support varying protocols, this approach typically results in a contrasting collection of homegrown IAM solutions that lack centralized controls, compromising the entire layer of identity controls. Cloud-based Identity and Access Management-as-a-Service (IDaaS) can simplify even the most complex user management challenges. It not only facilitates the rapid rollout of new capabilities, but also solves the issue of finding and hiring security personnel with the skill to support on-premises IAM solutions. Some of the cloud-based IAM capabilities organizations can benefit from include: directory service, single sign-on (SSO), multi-factor authentication (MFA), OpenID Connect (OIDC), OAuth, Security Assertion Markup Language (SAML) and other standards and protocols for the exchange of authorization and authentication.

5. It’s an Impetus for Collaboration

IAM systems foster collaboration by breaking down the barriers to access for employees, allowing them to work and safely share information across the organization. By utilizing authentication standards, IAM lays the groundwork to carefully share identity information across a variety of mobile applications, on-premises apps, and SaaS tools without compromising security. This expediency and ease of use will likely drive collaboration throughout the organization, enhancing employee satisfaction, productivity, research and development, and revenue.

Author: Gabriel Lando 

Everything You Needed to Know About Selecting the Perfect Encryption Solutions

The recent spate of malware, phishing, and of course, ransomware attacks have put the entirety of the IT industry on high alert. Businesses are paying more attention to security than ever before, and it’s no longer about getting a random encryption solution and being done with it. Far from it, encryption is only the beginning of a long but rewarding process of shielding your systems against the rising tide of virtual threats. Encryption by itself achieves nothing; you need to adopt several other steps and activities to keep your data far out of reach of hackers and other malicious entities.

Never Underestimate the Importance of Backups

 

The first thing you should realize is, encryption is a double-edged sword. On the one hand, there are hundreds of ways for your data to become compromised, so you can’t afford to be lax. On the other hand, if implemented incorrectly, the encryption process might just lock you out and prevent access to your own data. That’s why you should always remember to back up all your vital data. As an added precaution, take suitable measures to protect the backup data.

Different Kinds of Data Have Different Encryption Requirements

 

While on the subject of data protection, you must learn to distinguish between data in motion and data at rest. The former is the type of data that is accessed regularly or being sent. Data at rest, on the other hand, isn’t accessed, such as the files that are burned onto a CD and left on the shelf. Your primary target should be the encryption of data in motion from any user who is not authorized to access that information. However, you should not neglect the data at rest entirely because you never know when it might become data in motion. Use encryption to minimize risks.

Find Out What Data Encryption Works Best For You

 

Usability, scalability, and adaptability – these are the three things every good encryption solution should aspire to provide to users. After all, the needs and wants of every business are different, which means the encryption solution must have the ability to fit those parameters. When the needs change, the encryption must cope with the changes as well. Thankfully, we now have lots of encryption solutions that are flexible enough to fulfil your requirements. Also, the encryption solution chosen must not take up a lot of time during implementation and should be easily understandable. Otherwise, the usability of the strategy takes a hit in the long run and makes everyday usage difficult.

Have a Fixed Budget in Mind

Unless you’re one of the high rollers of the IT industry, like Apple and Amazon, chances have you don’t have an unlimited encryption budget. So, what you need are ways to trim costs without having to sacrifice data protection quality. For instance, your business would do better to pick an encryption solution that is scalable, meaning you would have the opportunity to add new features, if necessary.

True, a scalable encryption solution costs more upfront, but think about it: Would you rather spend some extra money now on an adaptable solution, or keep on upgrading and renewing your program on a regular basis?

Plus, keep in mind that encryption solutions are available as perpetual licenses with annual support and maintenance costs, or as subscription licenses that offer more financial flexibility and provide the opportunity to manage costs. So, pick the model that suits your business needs the best.

Select the Right Encryption Level for Your Business

The complexity of deployment and security increases when encryption is implemented higher in the technology stack. At higher levels, it is possible to break out of data encryption types according to where they are employed in the technology stack. Four levels exist in the technology stack whereby data encryption is normally employed, viz. database, file system, application, and media or full-disk. The way it works is, encryptions employed lower in the track trend to have simpler and less intrusive implementations. But the types and numbers of digital issues that can be addressed by these data encryption strategies are also decreased. But employing the encryption solution higher in the stack enables organizations to achieve greater security and contend with bigger threats.

Do Not Pick Something Overly Complicated

 

When you first approach an encryption solutions provider, you will hear a lot of fancy words being thrown around, like “complex password rules”, “crypto algorithms”, and “granular configuration options”. Unfortunately, most of these features have no meaning unless you know how to wield them properly. And that means providing costly consulting services and training for your employees. Moreover, several advanced solutions possess high requirements when it comes to system environment needed for operating the software. Others rely on existing, rolled-out PKI (public key infrastructures).

You need to clarify all these points before you invest a lot of money in the solution. Pay attention to multiple factors, including support for workgroups, central administration options, impact on existing user workflows, the division of powers between a security officer and a system administrator, straightforward configuration, and emergency recovery in case of accidental key loss.

The thing is, you should never allow yourself to be waylaid by flashy technical gimmicks; always keep your eyes on the prize, which, in this instance, is the perfect encryption solution for your business. Always go for the product that you think will be suitable for daily use in the long run.

The abovementioned points might not explicitly state the perfect encryption solution, but reading them can help you take a step in the right direction. They should provide you with more insight and help you formulate a more personalized strategy. Ideally, companies want encryption solutions that fit the needs of their business and ward off data attacks from all quarters without putting a huge dent in their budget. That might sound like a tall order, but considering the current state of digital affairs and the growing intensity of online threats, it is worth spending time and money to find a solution that meets all the criteria.

The Changing Face of Data Governance

In our age of data-driven decision making, the new GDPR laws have once again brought the criticality of data governance to the forefront. Believed to be one of the most extensive revisions to the European data protection and privacy legislation, GDPR and its associated changes have presented businesses with the unique opportunity to organize their data houses.

So, executives should consult with experts familiar with GDPR on its impact on their operations. Businesses need to get used to the idea of handing over control of the data they share with people; only then can they achieve GDPR compliance and establish a better rapport with customers. But how does data governance figure into all this? Find out below:

Shortcomings in Traditional Data Governance

There’s nothing wrong with traditional data governance; in fact, it offers a rigorous and strategic framework for outlining roles, data standards, and responsibilities, along with procedures and policies for data management throughout the organization. What’s more, without traditional data governance, businesses wouldn’t have been able to increase their efficiency and productivity in the use of core business data resources in transactional and data warehousing environments.

The focus of these methods was on data quality, trust, and protection, and they were great for recognized data sources that had known value. However, the modern industry is full of unstructured or unknown data sources like IoT and big data, and traditional data governance just can’t keep up. With the added features of machine learning and artificial intelligence, the shortcomings of the conventional approach are becoming obvious.

Owing to their rigid structure, conventional data governance procedures and policies hinder the possibilities formed by advanced analytics and data technologies by forcing them to fit the age-old mould for legacy infrastructure and data platforms.

Impact of Emerging Technologies

IoT provides thousands of unrelated data sources a chance to connect on the same platform. IoT gadgets are more than just data sources; they are data generators and gatherers. Sensors, wearable devices, and other modern computing technology can accumulate data by the millisecond and stream the same data into a cloud of possible consumers.

Artificial intelligence and machine learning systems analyze the data in real-time to identify relationships and patterns, gain knowledge, and plan a suitable course of action. While these are data-based autonomous actions rather than explicit instruction or programming, they possess the power to find gaps or extra data requirements and send requests back to the IoT gadgets for collecting or generating fresh data.

Traditional data governance makes the onboarding of IoT devices very difficult because of conventional authorization and validation needs. To foster machine learning and artificial intelligence in these initial stages, the data lifecycle must rely on non-conformity with predefined standards and rules. So, governance must allow new data to be incorporated quickly and efficiently, and offer mechanisms to mitigate dangers, maximize value, and encourage exploration.

AI and IoT under the New Data Governance Methods

Concepts like IoT and AI aren’t new, but they are still highly competitive markets for businesses. As the two expand, they tend to hypercharge the growing volume of data, especially unstructured data, to unexpected levels. As a result, the volume, velocity, and variety of data increase in unison: as the volume rises, so does the speed at which data needs to be processed, and the types of unstructured data increase as well. To manage all this, businesses have to implement the necessary data governance.

Storage and Retention

Big data has increased the variety and volume of data considerably, which means more data storage is a necessity. Data storage and data integration and provisioning are used interchangeably, but they are very distinct. Governance must address them separately and appropriately. While storage normally means the way data is physically retained by the organization, in conventional data management methods, the data storage technology impacts the storage requirements like size and structural limitations. Along with retention practices and budget limitations, often dependent on compliance, these needs restrict the amount of data stored by the business at a certain time.

Security and Privacy

Security and privacy are the major areas of focus for conventional data governance. But new technologies expand the scope of what needs to be secured and protected, emphasizing the need for additional protection. Even though “privacy” and “security” are thought to be one and the same, they are not.

Security strategies safeguard the integrity, confidentiality, and availability of data created, acquired, and maintained by the company. Security exclusively means protecting data, while privacy is more about protecting entities, like individuals and businesses. Privacy programs make certain that the interests and rights of an individual to control, use, and access their private details are protected and upheld. However, without a successful security strategy, a privacy program is unable to exist. Privacy needs often inform policies in large-scale security operations, but the program itself influences the processes and technology needed to implement the necessary controls and protection.

As far as IoT is concerned, security is one of the most crucial aspects. The regular addition of systems and devices constantly leads to new vulnerabilities. Even though business comes first, protection is possible only if businesses protect and secure the network along with every touch point where data travels. Thanks to IoT, data security isn’t just about permissions and access on a given system. Data protection now incorporates network segmentation, data encryption, data masking, device-to-device authentication, and cybersecurity monitoring. That’s a whole lot more than what traditional governance programs envision.

Escalated Digital Transformation

The changes in digital transformation will be far-reaching. In fact, the new data governance measures will accelerate the process, thereby rewarding organizations that commit to more than just compliance with data governance. Moreover, a stronger foundation in the field of data governance will provide organizations with various benefits, such as increased operational efficiency, decision-making, improved data understanding, greater revenue, and better data quality.

Data-driven businesses have long enjoyed these advantages, using them to dominate and disrupt their respective industries. But these advantages are not just meant for large businesses. The moment is right for your company to de-silo data governance and treat it like a strategic operation.

Data governance is changing, and you need to work hard to keep up or get left behind in the industry. However, you can follow the tips given below for the best health and ensure your company is prepared for GDPR.

Author : Rahul Sharma

The Biggest Threats from the Dark Web That Keep Businesses on Their Toes

Beyond the glitz, glamour, and glory of the World Wide Web as we know it is a virtual world that’s not half as bright. It’s the dark web. Technically speaking, it’s a network of web pages that can’t be indexed by normal search engines. The anonymity of this network means it brings out the worst in human beings more often than it makes good things happen. The dark web has been known to facilitate an exchange of illicit goods such as firearms, drugs, child pornography, and what not. Very recently, an Instagram hack revealed the personal contact details of the world’s top celebrities, which were duly put up for sale at prices like $10 apiece by cybercriminals on the dark web.

Why Should The Dark Web Be A Matter of Concern for Businesses?

Governments around the world have been making rapid strides in bringing down the shutters on dark web networks. The question is – what implications does this nefarious network have for businesses? Well, the dark web is said to be the dark side of the Internet city, where cybercriminals reside and run their black market of trade of information, digital tools, and physical materials that are then used to commit crimes, inflict self-harm, and perpetuate negative propaganda in communities. For instance, ransomware script creation tools, keyloggers, phishing kits and manuals – everything is available for sale on the dark web. It’s the platform for selling Cyber-crime as a Service!

Dark Web: A Black Market for Sale and Purchase of Stolen Corporate Data

Agreed – it’s a bad place if people sell firearms and drugs using this network. That’s a government problem, though, and not a business problem. Well, it’s estimated that at least one-third of the dark web activity is about the sale and purchase of corporate data. This includes, but isn’t limited to:

  • Login credentials to enterprise applications, stolen from careless and unsuspecting employees
  • Extracts of email addresses and phone numbers of several thousands of employees of big businesses
  • Email threads mentioning keywords such as hiring, resign, pay, cost, etc., which can be used to leak important information or to blackmail key executives

Real World Examples of How the Dark Web is Keeping Businesses at the Edge

Nothing explains the real impact of dark web activity on business organizations of all scales and sizes like some recent examples. Here’s a list of the top examples:

  • The Australian Tax Office had to suspend its use of Medicare cards after realizing that many of these identities were for sale on the dark web.
  • In Sep 2017, UK dailies carried news of how month-long UK rail passes were available on the dark web at 15% of their market value, with the scam’s financial impact estimated at £200m.
  • Among the hottest selling products on the dark web are ransomware development kits for Android that don’t require the user to have any coding experience to make them work!
  • It’s common for cybercriminals to offer money-back guarantees on digital assets such as corporate employee identities, if the identities don’t prove to be at least 80% accurate, for instance!

Dark Web and Insider Threats: A Deadly Combination

Because of the unbelievable success and sustenance that the dark web has enjoyed for the past decade, in spite of public knowledge of its despicable existence, immoral web users are tempted to earn a bit of easy money by participating in dark web related crime. The simplest example is of an insider of your business, one of the thousands of employees, who’s willing to share seemingly innocuous information (such as a list of email IDs of people who worked for the company in the past 5 years). A more dreadful example is that of the insider willingly compromising company network security to let a cyber-criminal access sensitive information. The same could be done by negligent employees, as well as rogue intruders who have access to stolen application login credentials.

The solution: enterprise IT security teams need to be proactive about monitoring user behaviour, assessing risks, looking for process weak spots, and advancing the general security awareness of the staff.

Technology to Detect Data Breaches on the Dark Web

Traditionally, enterprise capabilities of detecting data leakages on the dark web have been staggeringly insufficient. It’s estimated that in Europe, the time delay between a data breach and its detection is 469 days. This makes it mandatory that organizations be super cautious about data breaches. Because the dark web is non-indexable, detection becomes difficult, even if your corporate information is the hottest discussed topic there. Thankfully, organizations now have access to monitoring tools that can look beyond the indexable web. This means that if a dark web cyber-criminal openly discusses your business or creates a listing of your digital assets, you’d come to know within minutes.

GDPR and Dark Web: The Stakes Are Higher Than Ever

When GDPR becomes legally binding for businesses in May 2018, the implications of a data breach will be much higher than what they are today. GDPR allows organizations a period of 72 hours to report a data breach after becoming aware of it. Remember the Uber data breach? The company didn’t reveal its knowledge of the breach for more than a year. Had GDPR been in force then, Uber could have been staring at penalties to the tune of tens of millions of pounds. Organizations run the risk of being penalized up to 4% of their revenue if they fail to comply. The dark web is one of the major challenges that companies will face as they try to stay on the right side of the lines drawn by GDPR.

Concluding Remarks

Bring in dedicated capabilities to combat the security risks posed by the dark web. Embrace monitoring tools that can ‘listen’ for discussions relevant to you on the dark web. The dark web is a dark reality, and it’s more closely linked to your business than you’d care to acknowledge.

Reliable Tips That Will Prevent You From Being Victimized by Ransomware

In spite of the fact that it’s causing millions of dollars of cybercrime-related damage to businesses annually, not many enterprise computer users truly understand what ransomware is. Until the WannaCry and Petya ransomware attacks became global discussion points in the first half of 2017, even the general understanding of this form of cybercrime wasn’t any good. A recent survey done with business executives revealed that 1 in 3 would agree to pay to retrieve stolen or locked data. For organizations that have already been targeted once, the percentage becomes almost double (55%).

A Refresher on Ransomware

Ransomware is perpetrated via spam links and phishing emails, which eventually lead to the installation of code that locks your computer’s data, after which the perpetrators ask you to pay a ransom to get the data unlocked. Because business data has massive financial value (even if it’s notional), it’s clear that the ‘revenue model’ of ransomware will keep on motivating cybercriminals to advance their means and methods. The responsibility of keeping your data secure rests with you. And there’s a lot you can do. Read on.

Become a Data Backup Ninja

Why would anybody pay a ransom if they had another copy of the locked data available? The way to get there is to become a pro at backing up your business data. For starters, you have the option of storing your data on external hard disks, because the cost per GB of this mode of storage is dropping regularly. Then, there are many affordable cloud-based storage services that you can trust to automatically sync your important data folders to an online database, ensuring you always have the latest data backup ready. Even cybersecurity experts agree: next to having reliable anti-ransomware software protecting your computers, taking regular backups is the best way to stay safe from ransomware.

Separate Personal and Work Activity to Different Hardware

Your business data is invaluable. Separating business and personal work to different hardware can be a pain, but the rewards are worth the pain.

Invariably, the applications and web-based tools you use for personal work aren’t half as secure as the applications that your business’ IT team takes care of. Don’t let convenience become a cause of falling prey to ransomware.

Educate End Users about Ransomware Cyber Crime and Related Tactics

Lack of awareness that cyber criminals are out there on the prowl is a major reason why people end up as victims of ransomware. To make things better, leading organizations are already using these strategies:

  • Conducting regular training to make employees aware of terms such as spear phishing, social engineering, etc.
  • Simulating social engineering attacks with the help of internal IT to showcase vulnerability
  • Making it mandatory for end users to pass regular security quizzes and tests

It’s high time you used a mix of these strategies.

Patch, patch, and patch

Ransomware primarily targets minute security flaws in popular enterprise software. Keeping applications at their best stable state ensures you plug the gaps that cybercriminals can otherwise exploit.

Thankfully, most enterprise software vendors release security upgrades frequently. The best practice is to always embrace these upgrades. Activate the automatic update option for your business applications.

Add Layer After Layer of Security

Having a layered approach to foil ransomware attacks in particular and malware in general works great guns for a business. This means making the conscious effort to not depend on a single mechanism of keeping ransomware at bay. So, a firewall won’t do alone. It must be supplemented by strong antivirus, with specific ransomware combat capabilities.

Thankfully, this doesn’t always mean that you have to inflate your cybersecurity budgets, because most security products tend to bring in a layered protection approach anyway. Also, remember that most ransomware runs its executable files from the Windows AppData folder or the equivalent folder on other operating systems. So, disable the permissions for executable files to be run from these locations.
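Before blocking execution from AppData, it helps to see what already runs from there. The Python sketch below is an added example, not part of the original article: it reviews process-creation records and flags programs launched from a user's AppData tree, with an allowlist for software that legitimately lives there. The record fields, host names, sample paths and the allowlist entry are constructed assumptions.

```python
import ntpath
import re

# Matches <drive>:\Users\<name>\AppData\ on a path that is already lower-cased.
APPDATA_PREFIX = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\")

# Assumption: software this hypothetical organisation knowingly runs from
# AppData, as exact lower-case paths relative to the AppData folder.
ALLOWLIST = {r"local\microsoft\teams\current\teams.exe"}

# Constructed sample records (not real telemetry), reduced to three fields.
SAMPLE_EVENTS = [
    {"host": "ws-014", "user": "alice",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"host": "ws-014", "user": "alice",
     "image": r"C:\Users\alice\AppData\Roaming\invoice_scan.exe"},
    {"host": "ws-022", "user": "bob",
     "image": r"c:\users\bob\appdata\local\temp\7zS4F\setup.EXE"},
    {"host": "ws-022", "user": "bob",
     "image": r"C:\Users\bob\AppData\Local\Microsoft\Teams\current\Teams.exe"},
    {"host": "ws-031", "user": "carol",
     "image": r"C:\Users\carol\AppData\Local\..\..\Documents\tool.exe"},
    {"host": "ws-040", "user": "dave",
     "image": r'"C:\Users\Public\..\dave\AppData\Roaming\updater.scr"'},
]


def normalize(image_path):
    """Strip quotes, collapse '..' segments and lower-case a Windows path."""
    # ntpath behaves the same on any OS, so logs can be reviewed off-host.
    return ntpath.normpath(image_path.strip().strip('"')).lower()


def classify(event, allowlist=ALLOWLIST):
    """Return 'ok', 'allowlisted' or 'alert' for one process-creation record."""
    image = normalize(event["image"])
    match = APPDATA_PREFIX.match(image)
    if match is None:
        return "ok"            # resolved path is outside every AppData tree
    if image[match.end():] in allowlist:
        return "allowlisted"   # exact match only, so a look-alike folder fails
    return "alert"


def appdata_alerts(events, allowlist=ALLOWLIST):
    """Return (host, user, normalized image) for each record needing review."""
    return [
        (e["host"], e["user"], normalize(e["image"]))
        for e in events
        if classify(e, allowlist) == "alert"
    ]


if __name__ == "__main__":
    for host, user, image in appdata_alerts(SAMPLE_EVENTS):
        print(f"ALERT {host} {user} {image}")
```

Running a review like this first shows which legitimate programs a block rule would break, so they can be excepted before enforcement is switched on.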

 


Restrict Privileges of Computers Operating As A Part of a Network

The big difference that ransomware makes on a computer that’s a part of a large network is that once one of the computers is affected, the ransomware can duplicate itself on all other computers in the network, and hence, multiply the damage. This is exactly why cybercrime groups target business networks most often.

Ransomware gets the same privileges as the computer it’s hosted in. So, if an infected computer has local or global admin privileges, the ransomware will be able to use the same privileges to wreak havoc. Surely enough, such a network will witness most computers infected with the same ransomware, because of the lack of control over admin privileges.

You’d much rather struggle with ransomware on one computer, than ransomware on the entire network.

Use Latest Versions of Web Browsers

Since most ransomware installations initiate from web activity, you need to do everything possible to keep your Internet sessions safe. One reliable method is to always update Mozilla Firefox, IE, Chrome, or whichever browser you’re using because the upgrades invariably make the browser more secure against newer kinds of malware.

Be Convinced Before You Open a File

We’re living in times where we encounter attempts of cyber-crime (of varying intensity) almost every day. Drastic problems call for drastic measures; one of them is to be careful about what you click on and open from the web. Emails, in particular, are a primary source for cybercriminals to send carefully planned messages with infected files, or malicious links, which lead to malware (specifically, ransomware) installations. So, if you make it a practice to question the source of emails before opening any attached files, you will significantly improve your prospects of staying protected from ransomware.
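The habit of questioning an email's source before opening its attachments can be backed by an automated first pass. The Python sketch below is an added example, not part of the original article: it parses a message with the standard `email` library and reports a Reply-To domain that differs from the From domain, executable attachments, decoy double extensions and macro-enabled documents. The extension lists, addresses and sample messages are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, non-exhaustive extension lists for this illustration.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".jar"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def attachment_findings(filename):
    """Flag attachment names whose real type is executable or macro-enabled."""
    name = (filename or "").strip().lower()
    stem, ext = os.path.splitext(name)
    # Padding such as "report.pdf   .exe" pushes the real extension out of view.
    inner_ext = os.path.splitext(stem.rstrip())[1]
    findings = []
    if ext in RISKY_EXTENSIONS:
        findings.append(f"executable attachment: {name}")
        if inner_ext in DECOY_EXTENSIONS:
            findings.append(f"double extension hides real type: {name}")
    elif ext in MACRO_EXTENSIONS:
        findings.append(f"macro-enabled document: {name}")
    return findings


def sender_findings(msg):
    """Flag replies that would be routed to a different domain than the sender's."""
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        return [f"Reply-To domain {reply_domain} differs from From domain {from_domain}"]
    return []


def triage(raw_message):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = sender_findings(msg)
    for part in msg.iter_attachments():
        findings.extend(attachment_findings(part.get_filename()))
    return findings


def build_sample(sender, reply_to, filename):
    """Build a constructed test message with one small binary attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "finance@example.org"
    msg["Subject"] = "Outstanding invoice"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("Please see attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples: one suspicious message and one ordinary one.
SAMPLE_SUSPICIOUS = build_sample("Accounts <billing@example.com>",
                                 "billing@example-payments.test",
                                 "Invoice_0421.pdf.exe")
SAMPLE_ORDINARY = build_sample("Accounts <billing@example.com>", None, "minutes.pdf")

if __name__ == "__main__":
    for finding in triage(SAMPLE_SUSPICIOUS):
        print("FINDING:", finding)
```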

 

Concluding Remarks

As we finish finalizing this piece, the Atlanta ransomware attack news (25 March 2018) is beginning to send the world into another frenzy! These are tough times; stay secure.

Author – Rahul Sharma

Machine Vs Machine: A Look at AI-Powered Ransomware

Cyber-crime is a fast-growing industry because it’s a simple way for nefarious people with computer skills to make money. Ransomware in particular has been an ongoing security nightmare for the last couple of years, with attacks like WannaCry, which infected about 400,000 computers in 150 countries, making headlines for their ability to fuel fears about the vulnerability of data. Ransomware has gone from the 22nd most common form of malware to the 5th most prevalent type.

According to a recent survey from Sophos, 54 percent of surveyed companies reported having been hit by a Ransomware attack in 2017. Another 31 percent expect it to happen again in the near future. The data collected indicated that the average cost of a single Ransomware attack (including downtime, manpower, and network costs) was $133,000. Five percent of the respondents reported total costs of up to $6 million, exclusive of the ransom paid.

Ransomware is not necessarily more dangerous or trickier compared to other forms of malware that find their way into your computer, but it can definitely be more aggravating, and oftentimes devastating. As concerns around the weaponized use of Artificial Intelligence (AI) rise, one can’t help but imagine what an AI-powered Ransomware attack would look like.

An AI-driven Arms Race

While some analysts tout AI as the key to overcoming security gaps within the enterprise, it’s actually a double-edged sword. As the maturity and abilities of AI, machine learning, and natural language processing improve, an arms race between security professionals and hackers is on the horizon. Researchers and security firms have been using machine learning models and other AI technologies for some time to better forecast attacks, and identify ones that are already underway.

It’s highly probable that criminal collectives and hackers will use the technology to strike back. Security experts surmise that once AI development reaches consumer level adoption, cases of its use in malicious attacks will skyrocket. Ultimately, malware authors may begin creating machine learning models that learn from disruption detection models and defensive responses, and exploit new vulnerabilities quicker than defenders can patch them.

According to a 2018 McAfee Labs threats predictions report, the only way to win the ensuing arms race is to – “effectively augment machine judgment with human strategic intellect”. Only then will companies be able to understand and anticipate the patterns of how the attacks will play out.

AI-driven Ransomware Attacks

AI-driven Ransomware is capable of turbo-charging the risks associated with an attack by self-organizing to cause maximum damage, and moving on to new, more lucrative targets. Attackers can utilize artificial intelligence to automate multiple processes, mainly in the areas of targeting and evasion.

  • Intelligent Targeting – Phishing remains the most popular method of distributing Ransomware. Machine learning models are capable of matching humans at the art of drafting convincing fake emails, and they can create thousands of malware-loaded, fake messages at a much faster pace without tiring. Much like a human, a machine learning model with the right ‘training data’ about a target could constantly change the words in a phishing message till it finds the most effective combination, ultimately tricking the victim into clicking anything or sending personal data. By going through your correspondence and learning how you communicate, messages crafted by an AI will easily bypass spam filters and then mimic you in order to infect other unsuspecting targets.
  • Intelligent Evasion – AI has the ability to make destructive hacks far less visible. An ML model can be used to hide a Ransomware attack by manipulating the system and disabling any active security measures. In this age of IoT, a self-targeting, self-hunting malware attack could easily hijack IoT endpoints, manipulate data, and simultaneously infect millions of systems without ever being detected.

AI-driven Cyber Security

As more advancements are made in the field of artificial intelligence, it will become more accessible and inevitably be used for ill. However, the upside is that the use of intelligent agents in cybersecurity services and applications offers adequate and effective protection against incoming Ransomware and other related threats.

  • Early detection – Mainstream anti-malware and anti-virus products identify malicious software by matching it against a database containing digital signatures of identified malware. Machine learning enables the creation of a continually vigilant system that is capable of making decisions on the fly, based on complex algorithms and computational formulas. As more data is collected, the system learns by experience, effectively preventing attacks by stopping the payload at download. And in the event it was successfully downloaded onto an endpoint, the additional steps of running exploits and running scripts and attacks in memory can be stopped.
  • Effective Monitoring – Since AI has the ability to automate and self-learn, it significantly raises the effectiveness of guarding systems from attacks. The pro-active nature of a machine learning model allows it to anticipate attacks by monitoring glitches and patterns related to malicious content. A heuristic analysis can be performed to determine whether the behavior being observed is more likely to be malicious or legitimate, thus reducing the number of false positives or misdiagnoses. ML capabilities guarantee that any results that slip through are used to improve the system during subsequent monitoring.

Not all AI solutions are created equal. Despite the looming threat of a weaponized AI-driven attack, the key takeaway should be that prevention is possible. And as much as AI can be used to prevent Ransomware, the fight against malware threats is not all about software and security mechanisms. The first point of contact between the perpetrators and victims is usually a baited email. A lack of security awareness on the victim’s part is a huge part of the equation. In the fight of machine vs machine, the human element plays a crucial role. Measures to increase enterprise knowledge of the best practices to adopt and the tricks to avoid have to be included in the overall defensive strategy.

Author: Gabriel Lando

Mobile Security Myths – Don’t Fall for Them

Mobility is the name of the game. Mobility is the frontier upon which the enterprise tech battles of the present and future are being fought. It’s estimated that enterprise mobility can help companies get as many as 240 additional productive hours per employee per year. However, all is not well with the enterprise mobility world. At least, that’s what the myth spreaders will want you to believe.

Agreed, there are concrete mobile-specific security risks faced by enterprises. But the question is, at what point does the line between manageable risks and ambiguous myths become blurred? We’re here to demarcate these lines for you. Read on to get an understanding of the most common mobile security myths doing the rounds of cybersphere. More importantly, remember them so that skeptical arguments based on these myths don’t succeed in clouding your vision of enterprise mobility.

Mobile Data Encryption is Not Necessary

Well, that was the case a few years ago, when mobile devices were merely used as thin clients. In those times, mobile devices were not exactly meant for heavy data upkeep and transfers, and hence, mobile data encryption was an unnecessary addition to the entire security and maintenance task list. Today, it’s a different scenario.

Field personnel from leading enterprises, for example, use mobile devices all day to access, edit and approve data. Price lists to customer signature images, media content to spreadsheets – the range of data and content formats used by enterprise employees on their mobiles is vast. Often, when the applications they use for data exchange are cloud-based, the data is encrypted by the application. However, for data exchange across emails and instant messengers, encryption is a must.

Mobile Security Audits are not for everyone

That’s totally untrue. For any enterprise that uses a fair amount of mobile devices in its IT ecosystem, it’s important to take care of mobile security audits. Such audits are ideally conducted biannually, because of the breakneck speed at which mobile technology is advancing. A mobile security audit must encompass:

  • All downloads and uploads of data using mobile devices
  • Application logs on mobile devices registered with the enterprise Mobile Data Management (MDM) tools
  • Employee mobile device usage practices while in field
  • Security methods and means used in the device

Contrary to popular belief, enterprises need mobile security audits to extract valuable insights about improving the mobile security strategy, instead of depending on MDM tools for the same.

Mobile Devices Are Inherently Less Secure Than Desktops

Well, there’s nothing inherent to mobile devices that makes them more vulnerable to information security breaches than desktops. A key difference, however, is that mobile devices are always connected to the Internet. Also, a field personnel’s mobile device will be connected to networks other than the one provided by the company-owned SIM card (such as public cafes, partner premise Wi-Fi, etc.). This could compromise the mobile device’s security.

However, because it’s an external factor, we can’t really deem mobile devices as less secure than desktops. In fact, when mobile phones mostly use cloud-based data, they’re actually more secure because all the data protection capabilities of the cloud vendor come to the fore. Desktops, on the other hand, store data on hard disks, which are more vulnerable. Also, with mobile devices, it’s easier to manage data remotely in case the device is lost or misplaced, as compared to a PC.

Patching Mobile Devices with Latest Security Releases is Difficult

Patching is recommended as the single most effective best practice to keep malware and ransomware at bay. Patching, in fact, is a key aspect of wholesome enterprise device security strategy for cybersecurity teams.

It’s suggested that patching management on mobile devices is challenging. That’s because these devices are only intermittently available within the enterprise network. Secondly, the number of mobile devices in a mobility-focused enterprise grows so quickly that IT can always find itself chasing lofty patching goals, without actually achieving them.

In reality, IT security teams need to treat the mobile patching issue as a challenge that they need to meet. With centralized patching policies, focus on user education (and hence improving user initiated patching requests), and regular audits, IT can easily cover the extra mile.

BYOD Means Taking it Easy on Security

That’s a common misconception. Because most constraints on user experiences are mostly linked to the enterprise’s security policies, it also leads to users associating ‘ease of use’ and unconstrained user experiences with an assumed stance of relaxation and leniency in terms of IT security. However, the truth is that cybersecurity teams have to work in tandem with the mobility project team so that BYOD can be implemented securely in an enterprise. The flexibility of using one’s own mobile phone for business purposes helps significantly improve user experience, even though that is not linked with any corresponding removal of security provisions.

Allow What’s Necessary, Block The Rest – It Can Work For Mobile Too

Time and again, surveys have showcased how restrictive BYOD practices can be counterproductive to the whole purpose of mobility. At its center is the idea of enabling employees to work from remote locations and not be tied to their office desks to be able to get work done. Now whereas an ‘allow what’s indispensable and block the rest’ security philosophy can be sustained for a structured office desktop environment, the same is not true for mobile devices. Unless there are concrete and known security risks associated with personal mailbox apps, popular games, and IM apps, enterprise security would do well to not block them. At the very least, there must be an easy and quick mechanism for getting applications approved for mobile use.

Concluding Remarks

Enterprise mobility is a key success enabler and productivity enhancer for the modern enterprise. The path to mobility is challenging. IT managers and leaders, hence, need to make sure that common misconceptions and myths are not able to inflate the challenges in any way.

Author: Rahul Sharma