Major Trends that will affect Cyber Security

Will this year be as tumultuous as 2020? Let’s hope not. But one thing won’t change: In 2021, as is the case every year, companies will continue to be challenged by new or evolving cyber security threats.

We expect 5 security trends that emerged or accelerated last year to demand even more attention from organizations this year. Here is a look at key threats, potential vulnerabilities and defense strategies in 2021:

Zero Trust becomes more relevant than ever

While the concept of Zero Trust has been around for over a decade, only now is it becoming a viable defense strategy. Today, every endpoint including remote PCs, smartphones, tablets, IoT sensors, containers, virtual systems and cloud resources is susceptible to attacks.

Traditional defenses are meaningless in an environment where the traditional network perimeter is slowly dissipating. It’s not a matter of if these assets will be compromised, but when. The only safe response is to trust nothing on your network and assume the environment is compromised. The premise of Zero Trust management is that to be secure, organizations must verify and authenticate access in a continuous manner.

In 2021, the rise of machine learning is paving the way for Zero Trust. Machine learning can be used to help document baseline user behavior and detect anomalies in actions. For example, if you normally log in from London, but today you’ve logged in from Hong Kong, the system recognizes this anomalous behavior, blocks access and triggers an alert to raise an investigation.
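The London/Hong Kong check described above can be sketched as follows. This is an added example, not code from the original article, and it uses a fixed rule (location baseline plus travel speed) as a stand-in for a learned model; the city coordinates, thresholds, user name and the "step_up" decision are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample data: (latitude, longitude) of the cities used below.
CITIES = {
    "London": (51.5074, -0.1278),
    "Manchester": (53.4808, -2.2426),
    "Hong Kong": (22.3193, 114.1694),
}
MAX_SPEED_KMH = 900.0  # assumption: roughly airliner cruising speed
MIN_BASELINE = 3       # assumption: logins needed before a city counts as normal


@dataclass(frozen=True)
class Login:
    user: str
    city: str
    when: datetime


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


class LoginMonitor:
    def __init__(self):
        self.counts = {}  # user -> {city: number of accepted logins}
        self.last = {}    # user -> last accepted Login
        self.alerts = []  # blocked logins handed to the investigation queue

    def learn(self, login):
        """Add an accepted login to the user's baseline."""
        per_user = self.counts.setdefault(login.user, {})
        per_user[login.city] = per_user.get(login.city, 0) + 1
        self.last[login.user] = login

    def evaluate(self, login):
        """Return (decision, reasons) for a new login attempt."""
        reasons = []
        if self.counts.get(login.user, {}).get(login.city, 0) < MIN_BASELINE:
            reasons.append("new_location")
        prev = self.last.get(login.user)
        if prev and prev.city != login.city:
            hours = (login.when - prev.when).total_seconds() / 3600
            dist = haversine_km(CITIES[prev.city], CITIES[login.city])
            if hours <= 0 or dist / hours > MAX_SPEED_KMH:
                reasons.append("impossible_travel")
        if "impossible_travel" in reasons:
            decision = "block"
            self.alerts.append((login, reasons))
        elif reasons:
            decision = "step_up"  # ask for additional authentication
        else:
            decision = "allow"
            # Only clean logins update the baseline, so a blocked or
            # challenged attempt cannot teach the monitor a new "normal".
            self.learn(login)
        return decision, reasons


def run_sample():
    """Replay constructed history, then score three new attempts."""
    monitor = LoginMonitor()
    for day in range(1, 6):  # five working days of London logins
        monitor.learn(Login("alice", "London", datetime(2021, 3, day, 9, 0)))
    attempts = [
        Login("alice", "London", datetime(2021, 3, 8, 9, 0)),
        Login("alice", "Hong Kong", datetime(2021, 3, 8, 11, 0)),
        Login("alice", "Manchester", datetime(2021, 3, 8, 13, 0)),
    ]
    return [monitor.evaluate(a) for a in attempts], monitor.alerts


if __name__ == "__main__":
    results, alerts = run_sample()
    for decision, reasons in results:
        print(decision, reasons)
```

The Hong Kong attempt two hours after a London login is blocked and queued as an alert, while a plausible but unfamiliar location (Manchester) only triggers a further authentication step.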

Applying Zero Trust will become an integral part of every organization’s business behavior as a way to future-proof the protection of data and assets.

Remote working is your new threat vector

As a result of government-mandated stay-at-home orders, remote working grew faster than anyone could have foreseen in 2020. Approximately 40 percent of the global workforce shifted to working from home or other remote locations. What’s more, the transition happened practically overnight and is expected to settle into a long-term trend.

Traditional security strategies, developed for staff working in the office within the same corporate network, are insufficient. In many cases, home routers and networks are not secure, and family members’ computing devices may be easily compromised.

What’s needed in 2021 is a new way of operating to work securely from remote locations. It will require changes in behavior, such as keeping access to corporate data from a home network to a minimum. Organizations must verify access to data and assets using various authentication methods that require human intervention and leverage new technologies, such as remote browsing or remote terminals, where no actual data is transmitted to the computing device at home.

Such changes, once unthinkable and impractical, will be crucial to securing work-from-home environments.

5G wireless offers new opportunities, enables new threats

After being touted for years as wireless networking’s next big thing, 5G is finally becoming mainstream. Apple introduced its first 5G-capable iPhones in late 2020, and telecom providers worldwide have rolled out 5G services.

5G computing, with its high-speed connections and improved network reliability, should empower organizations to quickly deploy compute servers, IoT sensors and other devices on the edge in remote hubs.

The features of 5G, however, can pose new threats if not well-managed. If infrastructure is not carefully secured, adversaries can exfiltrate information very quickly and in large amounts from compromised environments, thanks to 5G’s blazing-fast bandwidth.

Another concern is that most endpoint devices are not designed to deal with a high-volume network, which means adversaries could use 5G bandwidth to easily overwhelm network assets through denial-of-service attacks.

Ransomware moves one step ahead

Ransomware dominated headlines in 2020 and security experts have developed new tactics for responding to these threats. For example, by studying ransomware campaigns, security teams can deduce the decryption keys needed to unlock systems without having to pay the ransom.

Cyber criminals are aware of such countermeasures and are already developing ransomware encrypted at the code level. This means cyber security teams will have to wait for the code to run before it can be studied, thus slowing the development of countermeasures.

Attackers are also rewriting ransomware code to infect the firmware of computing devices and ensure perpetual presence in the victim’s environment. Code that is running at the firmware level may not be detected, stopped or removed by antimalware software.

As this malware cannot be simply overwritten, once a device is infected, the hardware must be either replaced or sent back to the factory to reinstall the firmware.

Cyber analytics drives more data-driven decisions

Organizations are starting to understand the importance of using data to improve business decisions. Operational data can give insights about potential growth and cost-savings opportunities, and how to optimize business processes.

Security operations, like other parts of business, are harnessing operational data to understand how business events tie to security events. Organizations can use cyber analytics and AI to predict when and where attacks are most likely to occur so they can then focus their investments to achieve the greatest protection.

AI systems must target aspects of operations unrelated to security that can be correlated with past security events. For example, an AI system might determine that most attacks occur 3 days before quarterly financial results are due to be publicly reported. With that information, organizations can proactively bolster security protections prior to the next public disclosure.

In 2021, such pre-emptive knowledge will help organizations plan ahead. However, to succeed they must thoroughly analyze and understand all the data they collect about operations and business behavior.

Thankfully, 2020 is behind us, but new threats await. Protecting enterprises this year will require new cyber defense strategies and tactics, and better threat intelligence.

Building A Cyber-Resilient Culture

No enterprise is completely immune to cyber security attacks. Instead of focusing solely on preventing attacks, organizations should ensure they are able to respond quickly, recover and maintain operations. In other words, they should become cyber resilient.

Cyber resiliency requires establishing policies and processes that help an organization to survive and continue to execute its long-term strategy in the face of evolving security threats. Cyber resiliency should be part of a holistic approach to security that takes all aspects of the business into consideration, from employees and partners to the board of directors. Improving security is not a one-time project, but instead is a program of continuous improvement.

To become cyber resilient, enterprises must strike a balance between these three actions: protecting critical assets, detecting compromises and responding to incidents. Making the IT landscape cyber resilient requires investments in infrastructure, design and development of systems, applications and networks. At the same time, organizations must create and foster a resilience-conscious culture, of which security is an essential part.

An enterprise cyber resilience strategy includes three main components:

  1. Adapt business and IT systems to next-generation threats. Enterprises must prepare for global malware and ransomware attacks, as well as more subtle attacks, where the adversary lurks inside the network. Begin by defining your enterprise security architecture to address prioritized risks. Get a fresh baseline of your current security stance. For example, find out how your enterprise would recover from ransomware if multiple sites, the Active Directory, and backup platforms were to become encrypted. Evaluate critical applications and their dependencies on infrastructure; then define a communications and command structure to ensure business continuity.
  2. Update your security governance strategy. Governance is essential to successful security planning and key to attaining cyber resiliency. To ensure that your strategy measures up, incorporate strategies for protection, detection and response. Update and test business continuity and crisis management plans to cover new models of sourcing. Expand crisis management requirements to include all partners and suppliers. Make board members aware of cyber risks and the steps to effective cyber resiliency. Review and refine older access and software-patching policies and consider adopting role-based access control (RBAC) to more efficiently regulate access to computer and network resources.
  3. Create a resilience-conscious culture. Encourage all employees — not just the cybersecurity team — to adopt a cyber resilient mindset. Stress that employees are the first line of defense when it comes to threats such as phishing and malware. Promote collaboration across teams with pertinent information about security and threats. Coach employees to share knowledge with appropriate authorities and peers both within and outside of the enterprise.

Keep looking ahead

New threats are emerging as organizations adopt new technologies as part of ongoing digital transformation. Enterprises must be prepared and properly staffed to address these challenges:

  • Internet of things (IoT) vulnerabilities. Consider system cyber and physical security requirements and resilience before widely deploying and depending on IoT systems. Use IoT gateways and edge devices to segregate and provide layers of protection between insecure devices and the internet to help manage the overall lack of IoT security.

  • Blockchain complexities. Blockchain technology, by its nature, is distributed and resilient. But blockchain moves transactions toward a decentralized model, making it essential to control private cryptography keys. When embedding security into blockchain transactions, use role-based authentication and end-to-end encryption to properly protect data.

  • Lack of Security Operations Centers (SOCs) resources. Examine the important role SOCs play in bringing together the resources needed to direct the defense. Define what constitutes suspicious activity, identify vulnerabilities, configure detection technologies, search for and validate active threats and ultimately notify affected parties. SOCs must manage and monitor identities, as well as ensure compliance with policies and regulatory requirements.

  • Transition to DevSecOps. Consider adopting a comprehensive DevSecOps model that incorporates review and governance and supports faster release schedules and innovation. Determine whether your organization can commit to the requirements necessary for success, which include changing to a culture of collaboration, building security throughout the development life cycle and evaluating technical and business risks.

Achieving cyber resiliency should be a modular transformation that evolves from a well-defined strategy to a project roadmap. Make sure you define a strategic direction aligned with business objectives, outline a plan to achieve that direction, and ensure proper execution of that plan, including decision making based on risk management.

Digital Security Strategy’s guiding concepts

Digital transformation represents the greatest opportunity for the enterprise in the 21st century. CEOs across the globe have digital innovation on their agenda as they seek to deliver innovative new business models, create new digital customer experiences, and optimize and automate their processes to enhance business performance.

BUT…digital technologies and the rapid pace of change in a digital world also threaten the enterprise through a growing cyberthreat landscape with a widening attack surface that exploits the very same digital technologies being used to transform the business.

To prevent cyberattacks from derailing your digital initiatives, we need to build security into the very fabric of the digital enterprise. Delivering secure digital transformation is about building security into the digital core platform which is the foundation for how we transform the business…put simply, we must become “Secure to the Core” and have a consistent framework for digital security transformation.

Deploying the right Cyber Defense

One of the key imperatives for secure digital transformation is the ability to monitor every aspect of technology (both IT and OT) across the business. In short, we need to Monitor Everything.

The modern enterprise requires a plethora of security tools to secure its infrastructure and endpoints (networks, firewalls, servers, storage, devices, applications, data, etc.). These tools generate an enormous volume of data each day, making it almost impossible to identify and respond to true cyberthreats in a timely manner.

Intelligent Security Operations can detect threats quickly, respond to attacks rapidly, and defend the enterprise from security breaches by applying intelligence and automation to handle the enormous volume of incidents we see across the globe.

To ensure a secure core, Anteelo’s approach is to provide next-generation digital services with a high degree of automation through a Security Platform that applies lean process, deep analytics and intelligent automation to the security information and event management (SIEM) process.

We often describe the underlying technologies within this platform as SOAR (security orchestration, automation and response).

Cybersecurity Analytics, Intelligence, Response and Orchestration

IDC, meanwhile, describes these cybersecurity technologies as AIRO (Analytics, Intelligence, Response, and Orchestration). The AIRO technologies trace what is required in the Security Operations Center (SOC) to protect the enterprise network through to threat detection and formal remediation.

Whether your approach is “SOAR” or “AIRO,” either way we must apply automation and orchestration to cyber defences in order to keep up with the sheer volume of data and incidents generated across a wide array of infrastructure and endpoints.

Firms Need to be "Secure to the Core" Before Digital Transformation

In addition to monitoring everything with SOAR (or AIRO), we also believe in two more critical imperatives that are needed to secure the enterprise: Verify Everything and Encrypt Everything.

Verify Everything is about adopting a zero-trust approach to digital identity and access management. Enterprises engaged in digital transformation need a new approach if they are going to thrive in the digital world. The principle for security is no longer about the “where”; it’s about the “who.” Success requires a comprehensive focus on digital identity management. Identity and access management can effectively establish a logical perimeter that enables digital transformation. The right identity and access management solutions prevent unauthorized access to enterprise information using multiple authentication methods with user access management and provisioning.

Privacy by Design

Encrypt Everything is about minimizing the risk of unauthorized or unlawful processing of business-critical data and avoiding accidental loss and destruction or damage to data. All sensitive data requires encryption and/or tokenization using trust services (PKI, certificate and key management), encryption solutions, and rights management. The right data protection and privacy solutions encrypt sensitive data and prevent data loss from malicious cyberattacks.

So, to enable your digital transformation journey, remember these three key security principles: Monitor Everything (with cyber defense solutions), Verify Everything (with digital identity solutions) and Encrypt Everything (with data protection solutions).

Creating a safe networking of linked devices

The number of connected devices is predicted to grow to 75 billion by 2025. This will create a massively connected ecosystem, and data security will be paramount.

Many of these devices will be cyber-physical systems, which closely integrate computation, networking and physical processes. The devices consist of a physical entity and its cyber twin, which can replicate the behavior of the physical machine and give insights into how the machine will react when prompted by various actions. Connect these devices to the internet, for data transfer, and the result is the internet of things. Smart grids, autonomous vehicles and medical devices are examples of cyber-physical systems.

In cyber-physical systems, digital and physical components interact with each other in a variety of ways that change with context. For example, an offshore drilling facility transmits sensor values from devices to check that machinery is functioning; the alerts from the devices will vary depending on whether it is a normal scenario or an emergency. Similarly, a connected medical device will send an alert based upon the patient’s condition.

In all contexts, it is imperative to maintain security and privacy of the data. This is particularly true in a data-sensitive field like healthcare, where there is growing concern about cybersecurity in connected medical devices.

A secure framework for cyber-physical systems

We have created a secure framework for connecting cyber-physical systems by leveraging distributed ledger technology (DLT). DLT is a digital system for recording asset transactions in multiple places at the same time, making fraud and manipulation difficult.

Our framework addresses:

  1. Two-way tamper-proof device communication
  2. Financial transactions between devices (e.g., machine-to-machine micropayments using crypto currencies)
  3. Message transfer and data storage between devices with minimal or no transaction fees and mining (network) fees

The framework integrates edge computing components, which are industry-specific (such as medical devices), and has DLT at its core for data transfer and communication.

Edge devices communicate with a central system, the Directed Acyclic Graph distributed ledger, which powers data storage, transfer and access and ensures data security and data privacy.

Inside the framework

 

We developed the framework’s components using directed acyclic graphs (DAG) — specifically IOTA — as the underlying DLT technology. DAG architecture is well suited for scalability and does not carry mining fees.

IOTA uses an invention called “The Tangle” at its core. The Tangle is a new data structure, based on DAG, that takes care of data privacy needs by providing restricted and private storage and retrieval options.

We describe each component with an industry example but the components can be extended to other industries:

  • Financial transactions – This component stores all transactions and automates micropayments between machines without any manual intervention. This component can be directly applied to the automobile industry for vehicle charging, toll payments, parking place payments and more. Details are available in this earlier post.
  • Tamper-proof data transfer / two-way remote communication – The underlying DLT technology of this component ensures data security and privacy in transmission, storage and usage. One direct application is remote patient monitoring in healthcare. This can be extended to any industry that needs remote device monitoring or secure data communication (e.g., offshore drilling and its machines).
  • Track and trace of a device’s location with indoor positioning – This component helps track and trace sensitive assets, when knowing the status of a device or machine is paramount. For example, use this component to optimize x-ray machine use in a trusted hospital network and reduce patient wait times.
  • Secure over-the-air firmware updates – This component addresses the exponentially growing need to push secure firmware updates to connected devices, with tamper-proof audit trails made possible by DLT. It is applicable to all connected devices in almost every industry including automotive, healthcare, technology and energy, and utilities.
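The tamper-evident audit trail behind the firmware-update component can be illustrated with a small hash-linked DAG in which each record approves earlier records, as transactions do in the original Tangle design. This is an added sketch, not the framework's code and not the IOTA API: it uses only Python's hashlib, omits signatures and consensus, and the device names, version strings and firmware bytes are constructed sample values.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder parent for the first record


def record_id(payload, parents):
    """A record's id is the hash of its content and the ids it approves."""
    body = json.dumps({"payload": payload, "parents": sorted(parents)}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class AuditDag:
    def __init__(self):
        self.records = {}  # id -> {"payload": dict, "parents": [ids]}

    def append(self, payload, parents=(GENESIS,)):
        """Store a record that approves one or two earlier records."""
        parents = list(parents)
        rid = record_id(payload, parents)
        self.records[rid] = {"payload": payload, "parents": parents}
        return rid

    def walk(self, tip_ids):
        """Walk back from trusted tip ids.

        Returns (bad, reachable): ids whose stored content no longer
        hashes to the id that references it, and ids that verified.
        """
        bad, reachable, seen, stack = [], [], set(), list(tip_ids)
        while stack:
            rid = stack.pop()
            if rid in seen or rid == GENESIS:
                continue
            seen.add(rid)
            rec = self.records.get(rid)
            if rec is None or record_id(rec["payload"], rec["parents"]) != rid:
                bad.append(rid)
                continue
            reachable.append(rid)
            stack.extend(rec["parents"])
        return bad, reachable


def release(device, version, image):
    """Audit payload for one firmware release (constructed format)."""
    return {"device": device, "fw": version, "sha256": hashlib.sha256(image).hexdigest()}


def image_is_recorded(dag, tip_ids, device, image):
    """Device-side check: install only if the trail verifies and lists this image."""
    bad, reachable = dag.walk(tip_ids)
    if bad:
        return False
    digest = hashlib.sha256(image).hexdigest()
    return any(
        dag.records[r]["payload"]["device"] == device
        and dag.records[r]["payload"]["sha256"] == digest
        for r in reachable
    )


def build_sample():
    """Two gateways record updates in parallel; a later record approves both."""
    dag = AuditDag()
    r1 = dag.append(release("pump-01", "1.0.0", b"constructed image 1.0.0"))
    r2 = dag.append(release("pump-01", "1.0.1", b"constructed image 1.0.1"), [r1])
    r3 = dag.append(release("pump-02", "1.0.1", b"constructed image 1.0.1"), [r1])
    r4 = dag.append(release("pump-01", "1.1.0", b"constructed image 1.1.0"), [r2, r3])
    return dag, (r1, r2, r3, r4)


if __name__ == "__main__":
    dag, (r1, r2, r3, r4) = build_sample()
    print(image_is_recorded(dag, [r4], "pump-01", b"constructed image 1.1.0"))
    # Rewrite history: swap the hash stored in an older record.
    dag.records[r2]["payload"]["sha256"] = hashlib.sha256(b"tampered").hexdigest()
    print(dag.walk([r4])[0] == [r2])
```

A device that holds only the latest tip id can detect a rewritten older record, because every later record's id depends on the ids it approves.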

The components are designed to work online, offline and in mesh networking mode (when Wi-Fi or cellular networks are not available). For example, if connectivity is lost due to an emergency or an outage, these systems can still transmit messages in up to a 65-mile radius. This is critical because it means your medical device stays connected if Wi-Fi or cellular goes down.

Moving toward a unified Digital Security Transformation Framework

Organizations pursuing digital transformation initiatives are typically doing so to achieve a variety of possible business outcomes ranging from improved customer experience to improved operational efficiency. As enterprises plan their digital journeys, they are increasingly moving to a more distributed IT environment where corporate applications reside on premises as well as in public cloud environments, and access to these applications is provided on an anytime, anywhere basis to a variety of endpoint devices.

In this type of environment, there are a number of technology-related issues that will drive enterprises to think about new security risks such as the adoption of new technology, IT architectural migration, and the implementation of new operational processes. While these issues typically drive the front end of a digital transformation plan, security is often viewed as an obstacle to a digital transformation initiative or is an afterthought and only considered after the plan and design of the digital transformation initiative is finalized.

Security as an obstacle to innovation

Technology issues like cloud migration, the proliferation of endpoint devices (or “things”) attached to the network, and the adoption of new technologies like AI and IoT can potentially create new vulnerabilities for attackers to exploit. For some organizations, the thought of digital transformation creating a need for incremental security spend above what is currently being spent can slow the pace of digital transformation or stop it entirely.

The reality is that digital transformation is driven by business objectives and the development of a digital transformation strategy must include security requirements at the outset to minimize potential technology and business risks that cybersecurity represents to an organization. What is needed is a better understanding of the business risks associated with a digital transformation plan and the potential impact to the business if those risks ever materialize.

Attempting to “bolt on” a security strategy after the digital transformation plan is in place can put an organization at significant risk once the transformation plan is implemented by not having the proper controls, processes and technologies in place. Every component of a transformation initiative brings inherent risk, and organizations must rethink their overall security posture and the effectiveness of the current security controls they have in place.

Therefore, in the shift from an organization’s current state of IT operations to their future state, IDC believes that a framework for security that includes the combination of a comprehensive security strategy in conjunction with a digital transformation strategy would provide a guide to help organizations understand where potential risks exist and how best to address the risks inherent in their digital transformation journeys. This approach brings security concerns and technical risk in better alignment to business objectives.

Accelerating the path to digital transformation securely

Reference architectures are commonly used as a template for highlighting the various components of an architecture, their functions, and the interdependencies of the functions provided through a set of interfaces. The objective of the reference architecture is to provide a level of commonality for consistent implementation and reuse. This helps to accelerate the delivery of a technology solution while ensuring consistent implementation.

When considering the architectural changes taking place in enterprise IT environments as organizations execute on their digital transformation strategies, the use of a security reference architecture can help bring business objectives and security concerns in alignment, while also accelerating the path to digital transformation in a secure manner.

Given the challenges businesses face today keeping pace with the ever-changing security threat landscape and the demands for IT to be an enabler to digital transformation, a consistent approach to implementing security at the strategy, operational and technical level is a business imperative. The use of a holistic framework that provides a consistent methodology, uses a common language and provides a step-by-step guide for embedding security into any digital initiative will help organizations streamline transformation and accelerate the time to realize real business value.

How to Ensure Cybersecurity in the IoT Era

Without adequate security, all connected devices provide a direct gateway into our personal & professional networks. Is it possible to avoid theft of data?

Considering the pace we are all moving at, companies are continually striving to make everything connected virtually. Devices connected to the IoT can ‘communicate’ with each other, be they tech gadgets, smartphones, smart home equipment or machines. But, without adequate security, these connected devices provide a direct gateway into our personal, corporate, and governmental networks where confidential data can be either stolen or destroyed.

Now that IoT has become a complete game-changer, cybersecurity is more relevant than ever and challenging at the same time. The question still remains, are we ready for such an increased level of connectivity? What are the IoT security risks?

Before we dive into the glaring security issues, let’s look at some IoT market statistics, shall we?

Essential Internet Of Things Statistics To Keep You Up to Speed

Overview of the IoT market

1.  The global market for the Internet of things (IoT) reached $100 billion in revenue for the first time in 2017, and forecasts suggest that this figure will grow to around $1.6 trillion by 2025.

2.  The total number of IoT-connected devices is projected to reach 30.9 billion worldwide by 2025. Do note that this number includes active nodes/devices or gateways that concentrate the end-sensors, rather than consumer devices such as computers and cell phones.

3.  Due to the Covid-19 pandemic, the IoT adoption rate has increased, especially in healthcare.

According to Microsoft’s 2020 IoT signals report, one-in-three decision-makers plan to up their IoT investments while 41% say their existing investments will remain the same.

Statistics about IoT security threats

1.  SonicWall, which blocks an average of 26 million malware attacks globally each day, recorded a 40% rise in malware attacks during the third quarter of 2020 as compared to 151.9 million ransomware attacks globally through the first three quarters of 2019, marking 15% and 5% year-over-year declines, respectively. The report clearly indicates how IoT cyber security is compromised.

2.  According to the 2020 Unit 42 IoT threat report, 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network. This is one huge example of IoT cyber risk.

3.  The same report also points out that 57% of IoT devices are vulnerable to medium- or high-severity attacks. Also, 41% of attacks exploit device vulnerabilities, which again shows the IoT security challenges.

Now that you are up to date with all the data that revolves around security aspects in IoT, let’s discuss the challenges of securing IoT devices.

Internet Of Things Security Vulnerabilities And Challenges

1.  Insufficient testing and updating

The major issue with companies developing IoT devices is that no one takes care of security until a major problem hits. When IoT manufacturers launch a device they ensure that it is secure, but over time it becomes prone to hackers and other security issues due to the lack of constant testing and updating, opening the door to IoT security challenges.

2.  Lack of compliance on the part of IoT manufacturers

Let me explain this with examples you see in your day-to-day life. If you use fitness trackers, you must have noticed that Bluetooth remains visible after the first pairing. A smart refrigerator can expose Gmail credentials, and a smart fingerprint padlock can be accessed with a Bluetooth key that has the same MAC address as the padlock device.

This can be labeled as one of the biggest IoT cyber security threats! Below are some security issues in IoT devices from manufacturers:

  • Weak and easily guessable passwords
  • Usage of old operating systems and software
  • Insecure and unprotected data storage and transfer
  • Technical issues in the hardware

3.  Botnet attacks

Cyber security for IoT devices is crucial since they are highly vulnerable to malware attacks. They do not receive the regular software security updates that a computer does. To perform a botnet attack, a hacker first creates an army of bots by infecting devices with malware, then directs them to send thousands of requests per second to bring down the target.

Cyber security and IoT should go hand in hand in order to avoid a situation of attack. A botnet attack can easily cause a security threat for transportation systems, manufacturing plants, water treatment facilities and electrical grids, which can threaten big groups of people.

For example, a hacker can create spikes on the power grid by triggering a cooling and heating system at the same time. If this attack is planned on a large scale, it can create a nationwide power outage.

4.  Data security and privacy issues

Did you know that hackers did not spare a visionary like Elon Musk and a company like Apple, which is known for its proud security claims? If such data falls into the wrong hands, it will not only lead to loss of money but also compromise intellectual property.

It was predicted that the Internet of Things will become a target-rich environment for hackers by 2020, attracting more than 25% of all cyberattacks. According to Microsoft, security aspects in IoT are lagging because 60% of employees use their personal devices for work purposes, and more than 80% admit to using unsanctioned web apps for work.

5.  Financial crimes

Electronic payment companies that deploy Internet of Things may experience a wave of financial crimes. It will be a challenge to ensure the timely detection of fraud.

Also, due to compliance and operational issues, it will be difficult for all financial companies to launch new models of workflow. That is, unless they improve their project lifecycle and risk management strategies that include a rising threat of IoT security breaches.

6.  Home invasions

You must be familiar with the concept of ‘smart homes’, which is a by-product of IoT. Cyber security for IoT becomes a huge issue when it comes to home automation. Due to unsafe devices and poor defense mechanisms, your IP addresses are trackable, which makes it easy for hackers to locate the address of the device.

7.  Remote smart vehicle access

An IoT security challenge that is close to home invasion is the hijacking of your smart vehicles. This can lead to theft of personal data, vehicle theft, manipulation of safety-critical systems, etc.

Also, remote vehicle access can be subject to ransomware, as a hacker may demand a hefty fee to unlock the car or to enable the engine. These malicious intrusions are obviously a huge threat to public safety as they can cause accidents.

Now that you have walked through the vulnerabilities and challenges that come with IoT, it’s time to talk about cyber security strategies that can help you overcome them.

How Can You Make IoT Connections Secure? 

1. Secure the network

It is extremely important to secure the network that is a connecting bridge between the IoT devices and the back-end systems. This can be achieved by implementing security features like antivirus, anti-malware, firewalls and intrusion detection and prevention systems.

That being said, in order to sustain a smooth operation, there is a need for the IoT network to be protected and secured. You can effectively protect the network and secure it against attacks with the help of the above mentioned systems.

2.  Authenticate the IoT devices

One of the cyber security solutions can be device authentication features for the IoT devices. Features like multi-factor authentication and biometric systems help ensure that nobody unauthorized can access your devices. A potential attacker will need personal information to gain access to information and this is where you have leverage.

It is of great significance to secure your devices and reduce the probability of your data getting into the wrong hands. When you implement the suggested security options, your IoT devices become well secured against external breach of security. Thus, you will be able to enjoy the numerous benefits of having IoT devices at home, in the office, in your automobile, and anywhere you want.

3.  Public key infrastructure strategy

A public key infrastructure (PKI) allows the users to engage in secure forms of communication, data exchange, and money exchange. This type of engagement is carried out using public and private cryptographic key pairs.

PKI ensures the encryption of data through two processes: asymmetric and symmetric encryption. Asymmetric encryption needs two keys: one is the public key and the other is the private key. If something is encrypted with the public key, then decryption can only be done with the private key and vice versa.

Symmetric encryption, on the other hand, uses the same key for both encryption and decryption. Data encryption and decryption ensure that data privacy is maintained and the chances of data theft are reduced to the bare minimum.

4.  Use IoT security analytics

You can drastically reduce the number of security issues you face by implementing security analytics. This involves collecting, correlating, and analyzing data from multiple sources, and it can help IoT security providers identify potential threats.

Final Say

There is a lot of scope in IoT today and it is safe to say that the market will increase as per the projections, so now is the time to dive deep into the subject and understand its whats and hows. Also, with the discussion on IoT security challenges and solutions, we can conclude that securing applications is of paramount importance.

The security challenges must be managed, monitored and avoided by taking certain measures. You can go ahead and hire an IoT app development company that can help you overcome all your security risks. You can also choose the company based on location: for example, if you reside in the USA, then finding an IoT app development company in the USA is a better choice, as you will be able to know whether the company is genuine and knows its clients' and customers' choices.

Where should new security tools be deployed initially for maximum impact?

You have your eye on a new piece of security technology or service and you want to evaluate it before deciding whether to commit to the effort of a full deployment. Alternatively, you may already be committed to full-scale deployment but wondering where to start. So where should you deploy it first to test it most effectively and have the greatest impact?

Human nature, caution and conventional wisdom dictate that you should put it in a lab environment or in a low-importance section of your network. That is sensible, isn’t it? The change board will give you less hassle and if there is a problem, you are going to get less flak, aren’t you?

But will that approach give you the most information and practical experience about the new system’s deployment difficulties, effectiveness in your environment and what it will detect? Will it give you the maximum protection as soon as possible?

Any tool that gives you fresh insight on the behavior of your systems tends to find something interesting. Those of us who have deployed such things have the stories to go with them – from mundane discoveries such as finding that all servers in one network had the wrong DNS settings and were thus being slowed down, to critical detections of previously unobserved persistent attackers.

However, there is an argument to be made for deploying this new tool on your production systems, close to your crown jewels. These are the things you really want to protect and the environment in which it really needs to work. Yes, this approach is higher risk, but it is also higher benefit. Will a deployment on a low throughput, obscure bit of network really tell you much? On the other hand, couldn’t one real detection on your primary systems during the evaluation period convince you and your management of the system’s value?

Granted, this may not be a sensible suggestion for inline systems that process all traffic, but with the right technology it can work. Many security technologies monitor traffic and provide alerts rather than enforce actions — or at least they have a mode in which they can act in this way. A new security solution deployed on a span port or network tap may actually pose more risk to production traffic in terms of confidentiality than in disruption or performance. It is also easy to turn off or detach such solutions by removing the span connection. Other security tools rely on collecting logs from your existing devices. Building an architecture that allows forking and diverting the streams of log events can support easy introduction of such types of new security tooling.

As an example, consider the evaluation of a new security monitoring tool, perhaps one with user and entity behaviour analytics (UEBA). Will you get much information from deploying it on a test/staging environment that will typically have a small number of users and occasional traffic? Or would you get a better sense of its value from connecting it to your production active directory, primary applications and remote access system? Wouldn’t that give you a better idea of how easily it can be connected, how well it copes with actual production loads and whether it can really differentiate between normal and suspicious behaviour?

Designing taps such as those mentioned above into your network and log architectures future-proofs your environment, making it easier to evaluate other products down the road and deploy them into final production. It can also help in emergencies, as incident response teams wishing to deploy their tooling will be looking for very similar facilities overseeing your most critical systems.
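The log-forking architecture described above can be sketched as follows. This is an added example, not code from the original article: the `LogFork` and `Tap` classes, the field names in `SENSITIVE_FIELDS` and the sample events are all assumptions made for illustration. It shows the three properties the text relies on: the tool under evaluation cannot disrupt the production path, it only receives a redacted copy (the confidentiality risk noted above), and it can be detached at any time.

```python
import queue
import threading

# Assumed field names; adjust to whatever your log schema treats as sensitive.
SENSITIVE_FIELDS = {"password", "session_token", "patient_id"}


def redact(event):
    """Copy an event, masking sensitive fields before it leaves production."""
    return {k: "[REDACTED]" if k in SENSITIVE_FIELDS else v for k, v in event.items()}


class Tap:
    """Lossy, detachable copy of the stream for a tool under evaluation."""

    _STOP = object()

    def __init__(self, sink, maxsize=1000):
        self.sink = sink
        self.dropped = 0  # copies discarded because the tool fell behind
        self.errors = 0   # exceptions raised by the tool and contained here
        self._queue = queue.Queue(maxsize=maxsize)
        self._worker = threading.Thread(target=self._run, daemon=True)
        self._worker.start()

    def offer(self, event):
        # Never block the producer: if the tool is slow, drop its copy.
        try:
            self._queue.put_nowait(redact(event))
        except queue.Full:
            self.dropped += 1

    def _run(self):
        while True:
            item = self._queue.get()
            if item is Tap._STOP:
                return
            try:
                self.sink(item)
            except Exception:
                self.errors += 1

    def close(self):
        self._queue.put(Tap._STOP)  # queued behind pending events, so they drain first
        self._worker.join()


class LogFork:
    """Sends every event to the primary sink and a copy to each attached tap."""

    def __init__(self, primary_sink):
        self.primary_sink = primary_sink
        self.taps = {}

    def attach(self, name, sink, maxsize=1000):
        self.taps[name] = Tap(sink, maxsize)

    def detach(self, name):
        tap = self.taps.pop(name)
        tap.close()
        return tap

    def emit(self, event):
        self.primary_sink(event)  # production path, unchanged
        for tap in list(self.taps.values()):
            tap.offer(event)


# Constructed sample events, not taken from any real system.
SAMPLE_EVENTS = [
    {"event": "logon", "user": "asmith", "session_token": "tok-111"},
    {"event": "logon_failed", "user": "bjones", "password": "hunter2"},
    {"event": "record_view", "user": "asmith", "patient_id": "P-42"},
]


def run_demo():
    primary, seen = [], []

    def flaky_tool(event):  # stands in for the product being evaluated
        if event["event"] == "logon_failed":
            raise RuntimeError("parser bug in the new tool")
        seen.append(event)

    fork = LogFork(primary.append)
    fork.attach("ueba-eval", flaky_tool)
    for event in SAMPLE_EVENTS:
        fork.emit(event)
    tap = fork.detach("ueba-eval")  # evaluation over: remove the tap
    fork.emit({"event": "logoff", "user": "asmith"})
    return primary, seen, tap


if __name__ == "__main__":
    primary, seen, tap = run_demo()
    print(len(primary), len(seen), tap.errors, tap.dropped)
```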

So next time you have a new security system to test, think about ignoring conventional wisdom and throwing (some) caution to the wind. Sometimes the radical step is the right one. Deploying security tools on your crown jewels first may be the optimal approach.

Why does a Zero-Trust Security Paradigm in Healthcare make sense?

There has been a long-held assumption that data security threats originate from nefarious external forces seeking to steal an organization’s most sensitive data. Traditional security models were therefore designed with this view in mind and on the mistaken belief that everything within the internal network is trustworthy. But there is evidence that a majority of attacks come from internal sources, with healthcare, manufacturing and financial services firms at the greatest risk.

An insider threat may be intentional or accidental but, in either case, the risk can be that much greater because it is often difficult to detect and can continue to spread.

In healthcare, having electronic health records (EHRs) that collect a patient’s data in a single record is hugely beneficial to managing patient care and to patients’ ability to gain insights into their overall health and manage their own care. Securing sensitive data is of paramount importance to prevent data theft, identity theft and reputational damage to the provider. Therefore, access must be secure and accountable, regardless of whether the data resides on hospital servers, mobile devices or cloud services.

As the healthcare industry continues to digitize — bringing together EHR data with other data about the patient, including from smart devices — and as it shifts to care without borders, interoperability of data will become even more crucial, but so too will cyber resilience. Organizations will need to focus on hardening access to digital assets as opposed to making them inaccessible.

In an era of patient-driven care, patients expect to be able to trust those caring for them to safeguard their data. Violation of that trust with security breaches affects the quality of care those patients receive. If a reputable hospital suffers a breach, it will influence where a patient will go for care, which could affect the continuity and quality of care.

This is where the security approach known as zero trust comes into its own. With zero trust, there is no assumed trust of corporate devices or networks versus untrusted public networks or personal devices. The same security checks are performed on users and devices. Everybody is equally suspect, but everybody is also equally enabled to gain the access they need. Access policies are applied wherever data is held and across the interfaces of all systems when they are being accessed.

Such a system might sound onerous to operate, but zero trust is not about putting roadblocks on innovation, collaboration and open exchange. Rather, it’s about increasing cyber defense.

In healthcare, zero trust is about finding a solution that can preserve the sharing and giving of information in a patient’s best interest but that will safeguard the information at the same time. The zero trust approach does just that and is a viable option to support digital healthcare.

To achieve the objectives of data security through a zero trust approach, healthcare organizations need to consider three key elements.

  • Ensure that zero trust encompasses security at multiple levels. Applications need to be subject to strict login and monitoring rules and complete API security. APIs are one way an application can be executed, and these interfaces are vulnerable to attacks unless they are properly protected. The network must have strong security measures, such as physical segmentation and firewalls, plus security monitoring across all users and IT systems. Multilevel security programs should also address training for staff and patients to spot phishing attempts and practice good security hygiene, such as setting strong passwords. And the infrastructure needs to monitor all users logged into the overall system. Patients who read reports that their hospital is being investigated for security breaches will choose to go elsewhere. Once a hospital’s reputation is damaged, the stigma is hard to overcome.
  • Ensure that all patient data and resources are accessed securely with the appropriate permissions. Knowing where data is held allows controls to be extended to wrap and protect data on-premises, in the cloud and on personal devices. Once the data is classified, the correct access policies can be enforced when that data is being accessed. Healthcare organizations need to be able to audit who has accessed information to ensure accountability.
  • Have in place a “least access” strategy through an identity and access management solution, and grant access only to people authorized to access data. For example, if a physician is allowed to access a patient record, only that physician should be able to do so, not other clinical staff involved in caring for the patient. The objective is to ensure that the hospital is running an environment with the proper protection in place. Zero trust needs to be ingrained in human resources policies. Since hospitals typically have a large temporary workforce and a lot of personnel changes, the identity management system can automate safeguards to identify new employees and those moving into different roles or leaving the organization. So, if a nurse or doctor leaves the hospital, that person’s authorized access will be automatically revoked.
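The second and third elements above (audited, permissioned access and a "least access" strategy with automated revocation) can be illustrated with a small deny-by-default access broker. This is an added example, not code from the original article: the `AccessBroker` class, the HR event names, the staff and record identifiers and the rule that a role change clears existing grants are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AccessBroker:
    staff: dict = field(default_factory=dict)      # staff_id -> current role
    grants: set = field(default_factory=set)       # (staff_id, record_id) pairs
    audit_log: list = field(default_factory=list)  # every decision, allowed or not

    def on_hr_event(self, staff_id, event, role=None):
        """Keep identities in step with HR so revocation needs no manual ticket."""
        if event == "hired":
            self.staff[staff_id] = role
        elif event == "role_changed":
            # Assumption: a new role starts with no record grants.
            self.staff[staff_id] = role
            self._revoke_all(staff_id)
        elif event == "left":
            self.staff.pop(staff_id, None)
            self._revoke_all(staff_id)
        else:
            raise ValueError(f"unknown HR event: {event}")

    def _revoke_all(self, staff_id):
        self.grants = {g for g in self.grants if g[0] != staff_id}

    def grant(self, staff_id, record_id):
        if staff_id not in self.staff:
            raise PermissionError("cannot grant access to an inactive identity")
        self.grants.add((staff_id, record_id))

    def request(self, staff_id, record_id, device_compliant):
        """Deny by default; the same checks apply to every user and device."""
        if staff_id not in self.staff:
            reason = "identity not active"
        elif not device_compliant:
            reason = "device failed posture check"
        elif (staff_id, record_id) not in self.grants:
            reason = "no grant for this record"
        else:
            reason = "granted"
        allowed = reason == "granted"
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "staff_id": staff_id,
            "record_id": record_id,
            "allowed": allowed,
            "reason": reason,
        })
        return allowed


def run_demo():
    """Constructed scenario: one physician, one nurse, one patient record."""
    broker = AccessBroker()
    broker.on_hr_event("dr_lee", "hired", role="physician")
    broker.on_hr_event("nurse_kim", "hired", role="nurse")
    broker.grant("dr_lee", "rec-1001")
    decisions = [
        broker.request("dr_lee", "rec-1001", device_compliant=True),
        broker.request("nurse_kim", "rec-1001", device_compliant=True),
        broker.request("dr_lee", "rec-1001", device_compliant=False),
    ]
    broker.on_hr_event("dr_lee", "left")  # departure revokes access automatically
    decisions.append(broker.request("dr_lee", "rec-1001", device_compliant=True))
    return decisions, [entry["reason"] for entry in broker.audit_log]


if __name__ == "__main__":
    print(run_demo())
```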

The patients’ trust and confidence in the healthcare system rely on healthcare organizations being able to safeguard their data and ensure that it is only used legitimately. Trust drives all consumers’ experiences in terms of whom they engage with. And in an era of patient-centered care, patients expect their hospital or clinician to also care for their personal data.

Crucial ways by which Continuous Delivery improves your Security posture

Continuous delivery yields a host of IT and operational benefits, including proven competitive advantages like faster deployment times, responses to customer feedback, and bug fixes.  But one aspect that tends not to make it on the marquee list of benefits — and should probably be headlining it — is security.

It’s really quite simple: with continuous delivery, crucial security enhancements, updates and fixes to applications can be pushed live in a quick and timely manner to get the enhanced security into deployment. What could be better than that?

Traditional slow and batch-oriented waterfall approach

Typically, in the traditional ITSM approach, when a security incident happens, it is captured and consolidated with other requirements to be addressed in the next application release. Sometimes an urgent patch release can be delivered sooner, in a few weeks – if it can rapidly progress through the cycle of fix, regression testing, release preparation, release testing and maintenance. But if the fix requires a major release, it could be many months until it can be made available, and in most cases, the only thing you can do in the meantime is document the incidents.

That’s too slow.

 A better, faster way — continuous delivery and DevSecOps

A modern service management approach combining continuous delivery and DevSecOps supports the core tenets of information security: data confidentiality, integrity, and availability.  A dedicated team provides continuous delivery by making small or incremental changes every day or multiple times a day. DevSecOps secures the continuous integration and delivery pipeline, as well as the content that’s coming through that pipeline.

You gain three key advantages:

Speed. Continuous delivery and DevSecOps dramatically improve security because they allow malicious attacks and bugs to be addressed as soon as they’re identified, not just added to some logbook. And in many cases, the window for action falls from between six and eight weeks down to minutes. Thus, far fewer incidents become problems that impact IT and business operations.

Consistency. IT teams working under traditional ITSM often worry that the continuous delivery and DevSecOps approach will create more opportunity for mistakes and bugs because more changes are happening more often. In practice, the exact opposite is true.

Flexibility. A DevSecOps approach simplifies the introduction of blue/green canary releases — implementing a new release while continuing to operate the prior release — into your delivery capacity. This allows you to redirect modest amounts of traffic to your new release, facilitating the identification of potential issues without drastically impacting many users. It also lets you rapidly shift all traffic back to the current release should a problem be identified.
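The canary behaviour described under Flexibility can be shown in a few lines. This is an added example, not code from the original article: the `CanaryRouter` class, its thresholds and the constructed client identifiers are assumptions made for illustration. A fixed percentage of clients is sent to the new release, and all traffic shifts back to the current release as soon as the new one's error rate crosses a limit.

```python
import hashlib


class CanaryRouter:
    def __init__(self, canary_percent=5, max_error_rate=0.05, min_samples=20):
        self.canary_percent = canary_percent
        self.max_error_rate = max_error_rate
        self.min_samples = min_samples  # do not judge the release on too few requests
        self.stats = {"current": [0, 0], "new": [0, 0]}  # [requests, errors]
        self.rolled_back = False

    def route(self, client_id):
        """Pick a release; hashing keeps each client on the same side."""
        if self.rolled_back:
            return "current"
        digest = hashlib.sha256(client_id.encode()).digest()
        bucket = int.from_bytes(digest[:4], "big") % 100
        return "new" if bucket < self.canary_percent else "current"

    def record(self, release, ok):
        """Record one outcome and shift all traffic back if the canary is unhealthy."""
        counters = self.stats[release]
        counters[0] += 1
        if not ok:
            counters[1] += 1
        if release == "new" and counters[0] >= self.min_samples:
            if counters[1] / counters[0] > self.max_error_rate:
                self.rolled_back = True


def simulate(router, client_ids, handlers):
    """Drive constructed traffic through the router.

    handlers maps a release name to a callable returning True on success.
    """
    routes = []
    for client_id in client_ids:
        release = router.route(client_id)
        router.record(release, handlers[release](client_id))
        routes.append(release)
    return routes


if __name__ == "__main__":
    clients = [f"client-{i}" for i in range(2000)]  # constructed identifiers
    router = CanaryRouter()
    broken_release = {"current": lambda c: True, "new": lambda c: False}
    routes = simulate(router, clients, broken_release)
    print(routes.count("new"), router.rolled_back)
```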

The modern approach offers a variety of powerful tactics for quickly countering attacks. For example, workloads can be designed to move between cloud providers using Pivotal Cloud Foundry, containers or other homogenizing technology that offers the flexibility to move systems from one cloud provider to another. If there is a big denial of service attack in one provider, you could redeploy to another provider or back to a private data center with the click of a button. If an attack is focused on a particular IP, you recreate the environment at a new IP and block the other one completely. Structuring applications in this kind of push-button deployment mode creates opportunities for all sorts of similar scenarios.

How to move forward

Realizing the security benefits that come from implementing continuous integration and DevSecOps may require a deep, cultural change in the way your company builds and delivers software. Increasingly, security will become a secondary competency of developers, with risk ownership devolving from the central security team to application owners. In this new mode of operating, we need to make sure the right guard rails are in place and that the central security team provides necessary mentorship and support.

It’s a challenge, no question. But worth the rewards.

Successfully navigating some of these changes is explored in a recent post called “How to jump start your enterprise digital transformation.” A seven-page paper, DevSecOps: Why security is essential, is another good resource.

The Biggest Cybersecurity Threats for 2020

Cybersecurity has continued to be a major issue throughout 2019 and as organisations begin to rely even more on IT, it remains a serious concern. While most companies are by now aware of how important cybersecurity is, many have yet to implement the necessary measures needed to adequately protect them. In this post, we’ll look at what security threats 2020 is likely to put in their way.

1. Lack of cybersecurity education

Perhaps the biggest cyber threat to any business is the lack of knowledge and understanding within a company about cybersecurity. Today, the digital revolution is affecting the working practices of employees throughout companies big and small. With more and more employees using connected technologies as part of their everyday jobs, it is more important than ever to ensure all staff are aware of what cybersecurity risks they face and how they can work in a way that will enhance security.

In 2020, expect to see more organisations putting cybersecurity strategies into place that include ongoing training for staff on the latest technologies and threats and, importantly, letting them know how to work responsibly and respond to incidents.

2. The threat of data breaches

The enormous value of personal data to the criminal underworld means that data is a principal target for hackers. As a result, the threat of a data breach will continue to be one of the biggest issues that businesses will face in the coming years. This means companies will need to ensure personal data is secure end to end, from the moment it is sent to them to its safe disposal. The use of SSL certificates, encrypted data storage, logical access, password management and the rapid patching and updating of web applications is vital in this area.

For those who succumb to a data breach, tough fines, reputational damage and even lawsuits await.

3. Skills shortages

The complex nature of cybersecurity means that increasing numbers of organisations are employing the services of highly skilled security experts. Unfortunately, as these professionals are in short supply, there is a considerable skills gap in many companies just at the time when the need is the greatest.

In response, many companies are now implementing the use of intelligent, automated security tools that use advanced technologies to scan and block attempted intrusions, infections or other forms of attack like DDoS. These services can often be delivered by your service provider.

4. Leaky clouds

The majority of enterprises use the cloud for at least part of their IT solution and it is increasingly becoming popular as the place to store data and run operational processes. However, its popularity has not been kept a secret from cybercriminals and the number of cloud-based threats has continued to rise.

In 2020, companies will need to maintain the security of critical data and make sure they have real-time threat intelligence in place, to minimise the risk of data breaches or critical operations being taken offline.

5. Mobile device risk  

For many employees, the smartphone is now an essential work tool used not only to access the company system but to store important data. This puts organisations at risk from poorly secured connections, mobile malware and device theft. It is critical, therefore, that all mobile devices that can be used to access the organisation’s systems are secured. One solution is to ensure access is carried out via a secure web app.

6. IoT vulnerability

Mobiles aren’t the only remote devices that are vulnerable to attack; perhaps even more at risk are the IoT devices which have proliferated in use over the last few years and on which many organisations increasingly rely. They present a plethora of potential vulnerabilities that organisations need to protect themselves from, such as insecure wi-fi connections, hard-coded credentials, unverified firmware and unencrypted data. In addition, a compromised router or network attached storage server gives an attacker access to data and can serve as a platform to launch more attacks. In 2020, organisations which use the IoT will need to look carefully at how to ensure these vulnerabilities are protected against.

7. Rogue states

It is not just cybercriminals that are out to steal data and cause chaos. Unfortunately, some governments are at it too, and these rogue states will have more advanced technologies, IT expertise and financial backing than the average hacker.

While cybercriminals are usually financially motivated, state-sponsored attacks can have a number of purposes, such as causing major security breaches to undermine companies, taking critical services offline using a DDoS attack, industrial or political espionage, spreading fake news to influence elections and even taking those who oppose them offline.

State-sponsored cybercrime is the new cold war and while major companies, public utilities, defence and political organisations are particularly at risk, all organisations need to be aware of their risk of attack and how to protect themselves.

8. Intelligent malware

The war between cybercriminals and cybersecurity teams isn’t being carried out simply by the human brain anymore. Both camps are now using artificial intelligence (AI) and machine learning as tools in their armoury. Unfortunately, this means that cybercriminals are now able to create extremely sophisticated malware and methods of attack and at a pace that cybersecurity companies are finding challenging to deal with. It may only be a matter of time before one of these stealthy attacks strikes with devastating effect.

Conclusion

In 2020, cybersecurity will continue to challenge organisations big and small. We’ll see persistent risks like data breaches remaining high on everyone’s agenda, while the development of new technologies brings new threats, such as intelligent malware and IoT vulnerabilities. As companies expand their use of IT, we’ll also see a need to protect the cloud and mobile devices while ensuring that there are highly skilled IT experts driving security strategies and educating everyone else how to stay secure.
