
Passwords and Their Ability to Bring Down Even the Largest of Enterprises


The dangers of using passwords as a means of authentication cannot be overemphasized. According to reports by IT Governance, poor password behavior is the number one cause of data breaches. Despite this, passwords are still very common in the average person’s personal and work life. Here is a look at passwords and their ability to bring down even the largest of enterprises.

Passwords are difficult to manage, and bad password habits are easy to develop because of how difficult it is to store multiple complex passwords.

They are also very insecure because passwords are just too easy to guess, hack or intercept. What’s more, the legacy of bad password habits, such as reusing and sharing online credentials, leads to constant cybersecurity attacks on both people’s personal accounts and enterprises.

The consequences of a cybersecurity attack from a leaked, stolen, or shared password could be disastrous; a hacker could launch a highly sophisticated attack on you or your business, causing serious short-term and long-term damages. This could lead to serious financial and legal implications. In a worst-case scenario, a malicious attack could even sabotage your business and its operations to the extent that it may never be able to recover.

Too Many People Use Old Passwords — STOP THAT!

According to a 2019 HYPR password usage study, which analyzed data from over 500 American and Canadian full-time workers, about 72% of people surveyed reuse an old password when forced to change to a new one, and 78% of them forgot their passwords in the previous 90 days.

This can be said to be due to the overwhelming number of passwords users have to manage because the study further showed that over 37% of respondents have over 20 passwords in their personal life, which in most cases is too much to manage effectively.

Hackers will Always Try to Attack Your Employees

Many negative implications come with your business’ security being compromised due to poor passwords, some of which are discussed below.

  • Financial Implications

On average, cybersecurity attacks in 2017 alone cost enterprises $1.3 million, and small and medium scale businesses $117,000, to repair hardware and software. A data breach can also lead to legal consequences for your company if data leaked belongs to a third party or contains sensitive information.

  • Data Theft and Sabotage

Every single day, companies from around the world lose about 5 million records containing sensitive data due to a vulnerability in their system or a human factor failure. Only a mere 4% of the escaped data is protected by strong encryption and, therefore, cannot be misused.

In some cases, millions of email addresses and passwords are leaked during a single data breach.

Hacking and data breaches may also negatively affect digital data or even physical equipment. Some hackers may intentionally modify or damage data in order to harm their targets.

  • Poor Web Presence

For many businesses, especially small ones, most sales and operations are made online – as an online presence exposes businesses to larger markets, with two-thirds of small businesses relying on websites to connect them to customers.

Hacking or data breach, in this case, however, may be seriously detrimental to your online presence; it may lead to your website being slowed down considerably as hackers try to upload and run files on your company server.

Also, if hackers try to use your IP address to attack other websites, your web hosting might be suspended, or your website may shut down entirely and only display a “PAGE NOT FOUND – 404 ERROR” message; all these will also cause your company’s SEO ranking to take a big hit.

  • Damages to Company Reputation

When a business is hacked, its reputation also takes a huge hit, either temporarily or permanently. A large percentage of a hacked company’s customers may choose to switch over to their more secure competitor.

According to a 2019 study published on BitSight, nearly two out of five (38%) enterprises admit that they have lost business due to either a real or perceived lack of security performance within their organization. Nearly half of all executives surveyed in that same report admit that their ability to attract new customers was harmed following a security incident.

  • Business Failure

Many businesses, especially small ones or those in their early stage, operate on low margins and may not withstand the significant financial loss resulting from data breaches.

Depending on the severity of such attacks, how stolen data is used, or the damage caused, your business might not be able to withstand the financial implications. It may be forced to close all operations and shut down.

How Enterprises Can Protect Themselves

Data breaches due to bad passwords are bound to happen when you ask employees to create and manage their passwords without providing them with the proper tools to do so.

There are limits to how many passwords your employees can remember and how complex they can be; this, coupled with the ever-growing number of online accounts, makes it easy for your employees to settle for poor password habits and security shortcuts that put your company at risk of a data breach.

Employees often create passwords that are easy to remember and very predictable, as creating and storing different complex passwords is a burden.

Hence, employers and enterprises need to sensitize their employees to keep good password behavior with some of the solutions below.

A. Password Managers

Password managers are secure software applications designed to store and manage your online credentials. They make your accounts more secure by freeing you from generating and remembering sufficiently complex passwords, thus allowing for single-purpose passwords that meet a much higher security level.

From auto-filling to encrypting passwords, password managers ensure that credentials stored with them are kept secure.

B. Two Factor Authentication

Two-factor authentication improves on password-only authentication by combining two out of the three types of authentication: what you know (password, PIN), what you have (bank card, SIM card), and who you are (fingerprint, facial recognition).

Two-factor authentication is far more secure than passwords alone because it considers two forms of authentication rather than one. Other methods of two-factor authentication include using an authenticator app like Google Authenticator or Microsoft Authenticator, SMS codes, and biometrics alongside your password for more secure verification.
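As an added example (not part of the original article), here is how a server could combine a password check with the code an authenticator app generates, using the time-based one-time password algorithm from RFC 6238. The class and function names, the sample secret, and the sample passphrase are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# Constructed sample secret (the RFC 6238 test key), Base32-encoded the way
# authenticator apps expect it in an enrollment QR code.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode("ascii")


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash so a leaked database is costly to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


class TwoFactorAccount:
    """Hypothetical account record: 'what you know' plus 'what you have'."""

    def __init__(self, password: str, totp_secret_b32: str,
                 step: int = 30, window: int = 1):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.secret = base64.b32decode(totp_secret_b32, casefold=True)
        self.step = step          # seconds per code
        self.window = window      # steps of clock drift tolerated either way
        self.last_counter = -1    # highest time step already accepted

    def check_password(self, password: str) -> bool:
        candidate = hash_password(password, self.salt)
        return hmac.compare_digest(self.pw_hash, candidate)

    def check_totp(self, submitted: str, now: float) -> bool:
        current = int(now) // self.step
        candidate = submitted.encode("utf-8")
        for counter in range(current - self.window, current + self.window + 1):
            # Skip steps at or before the last accepted one: a code that was
            # shoulder-surfed or phished cannot be replayed.
            if counter < 0 or counter <= self.last_counter:
                continue
            expected = hotp(self.secret, counter).encode("ascii")
            if hmac.compare_digest(expected, candidate):
                self.last_counter = counter
                return True
        return False

    def login(self, password: str, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        # Both factors must pass; the code is only consumed if the
        # password was correct.
        return self.check_password(password) and self.check_totp(code, now)


if __name__ == "__main__":
    account = TwoFactorAccount("constructed-passphrase", DEMO_SECRET_B32)
    # At t=59 s the time step is 1, for which the RFC test key yields 287082.
    print(account.login("constructed-passphrase", "287082", now=59))  # accepted
    print(account.login("constructed-passphrase", "287082", now=59))  # replay
    print(account.login("wrong-guess", "359152", now=60))             # bad password
```

A stolen password alone fails the login, and a captured code is useless once its time step has been accepted.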

C. Passwordless Authentication

One major shortcoming of both password managers and two-factor authentication that is commonly overlooked is the fact that they don’t completely eliminate the burden that is passwords; this is where passwordless authentication comes in. This provides enterprises the ability to deploy desktop MFA and strong customer authentication.

The passwordless authentication technology removes hackers’ most popular target by completely replacing passwords, forcing them to attack all devices individually. This provides enterprises with increased security and a more secure means of authentication.

In Conclusion

It is becoming clearer that passwords are more of a burden or headache than they are a security tool. As a business owner, protecting your personal and customer data and ensuring your website’s security has to be one of your top daily priorities.

Hackers will always try to attack your employees, the weakest link in your security infrastructure.

The best way to strengthen your entire security system is to make sure both your employees and IT admins are aware of their responsibility to maintain good password security and that necessary steps are taken to provide employees with the necessary tools to fulfill this responsibility.

The post Passwords and Their Ability to Bring Down Even the Largest of Enterprises appeared first on ReadWrite.


Security, Connectivity, and Privacy: Plume’s CEO on the Importance of Smart Homes in the World of Remote Work

As workers headed home over six months ago, few companies were prepared for what would follow. Cyberattacks have soared, WiFi connectivity weakened, and businesses simply aren’t operating like they should be.

The IT protections offered by the office simply aren’t there anymore in most cases. If employers and employees alike want to maximize their security, they need to bring some technology into the home.

The problems caused by a newly remote workforce call for advanced technological solutions like Plume, a smart home services pioneer co-founded by Fahri Diner. For Diner, working from home should bring all of the benefits of office life with it, without incurring new problems along the way.

That sounds good, but what exactly does it mean? As Diner describes it, it’s safe, reliable access to the internet, seamlessly integrated with the bleeding edge of smart home tech. And it all starts with a next-generation Wi-Fi optimization solution: Plume Adaptive WiFi.

The Importance of Adaptability

To deal with dead zones—areas without proper WiFi connections—in the home, many people have opted for mesh WiFi systems, networks that disseminate connectivity from a few key points throughout the home. In Diner’s mind, however, this solution doesn’t go nearly far enough.

“Mesh is just a starting point,” Diner explains in a recent Cheddar interview. “We don’t really see ourselves as competing with mesh players.”

In order to get a handle on the difference between mesh WiFi and Adaptive WiFi, think of it in terms of building a highway system. Mesh networks integrate links individually—in other words, building one road at a time without thinking about the optimal way to connect them. Adaptive WiFi, on the other hand, understands your household’s structure and traffic patterns, using this information to build the perfect WiFi highway for you. A highway built haphazardly, piece-by-piece is not going to work as well as it could, so that’s why Adaptive WiFi works as one cohesive system.

For many people, whole-home WiFi access is more of a luxury than an absolute necessity. There is one aspect of Adaptive WiFi, however, that Plume designed specifically with the needs of remote workers in mind: last-mile broadband delivery.

For Diner, this issue is a personal one: “I’ve spent the lion’s share of my professional life working on innovative projects to bring high-speed broadband to people,” Diner writes in a blog post. “The magic that I know happens in the upstream network over tens of thousands of miles disappears in the last few meters—oh come on!”

Some homes, by virtue of their plan, provider, or location, simply don’t get as strong of a signal as others. To help get around this problem, Adaptive WiFi distributes broadband to exactly where it’s being used the most—according to the unique needs of each device and application—ensuring that you’re always getting the amount of signal you need in order to do your work.

With greater connectivity comes greater possibility of infiltration. Adaptive WiFi wouldn’t be what it is if not for another of its key features: intelligent security.

Security: A Crucial Component of Any WiFi Network

The last thing that IT experts wanted was for workers to suddenly leave the office and go work from places without proper cybersecurity protocols, so imagine their shock when the lockdowns began in March of this year. 

No longer are important data points and corporate secrets being sent on secure, in-house networks—they’re coming from workers’ living rooms.

For hackers the world over, it’s like Christmas has come early. Plume IQ data shows that cyberattacks have doubled since lockdowns began, with almost 90% of households reporting at least one blocked attack.

Plume’s advanced cybersecurity carefully observes all broadband activity using AI, so it detects and stops attacks as they happen. By comparing your WiFi signals to enterprise-grade threat intelligence databases, it can determine whether any unusual activity is taking place and immediately put a stop to it. Using sophisticated anomaly detection, Plume’s AI Security can even determine which device has been compromised in real-time and isolate that device such that the threat is fully contained. 

While it’s great to have a network that both functions seamlessly and protects you from attack, Diner sees these as only the beginning. The true value of Adaptive WiFi rests in its ability to power the hands-off smart home.

Adaptive WiFi & Smart Homes

In order for workers to reach office levels of productivity, they need office levels of convenience—that’s where smart devices step in.

Smart devices need a strong, reliable network in order to function properly, but they also can’t become potential points of network vulnerability either. You need a network that can handle both the functionality and the security of a smart home.

In a recent keynote presentation, Diner describes just what a challenge that is. Over 800 million devices are connected to Plume’s OpenSync smart home operating system, covering well over 1,600 brands and facilitating the transmission of 62 petabytes of data per day. 

Transitioning to a smart home could overwhelm a traditional WiFi system and expose potential vulnerabilities in the network. Consumers need to know that a smart home is only as good as the network it runs on.

Plume has partnerships with ISPs the world over in order to provide the best possible service to customers. Diner points to his company’s latest partnership with networking equipment provider ADTRAN as a prime example of how Plume works to maximize connectivity for everyone.

The Importance of Data Privacy

The purpose of all cybersecurity is ultimately to ensure data privacy, and Diner points to three principles that demonstrate how Plume treats customer data:

  • Personal data must stay personal.

Plume keeps no records of data transmitted through their networks, period. The company even provides VPN pass-throughs for those wanting an additional layer of data security. 

  • Personal data is never monetized.

Plume doesn’t monetize user data and never will—to do anything else would be to betray customer trust.

  • Users are in control of their data.

Back in April 2019, Plume released a suite of tools that allow users to control the exact relationship that Plume has with their data, ensuring that no one is in the dark with regards to how their data is used. 

Work-from-home arrangements demand a new level of network, and Diner’s Plume has stepped into the market to provide one. Plume may not be a household name just yet, but all roads today seem to lead straight towards Adaptive WiFi for remote workers.

The post Security, Connectivity, and Privacy: Plume’s CEO on the Importance of Smart Homes in the World of Remote Work appeared first on ReadWrite.


The Future of Cybersecurity in the Hands of AI


Globally, the AI cybersecurity job market will witness 3.5 million unfilled cybersecurity jobs by 2021 according to The New York Times. Plus, the market size is predicted to reach USD 30.5 billion by 2025.

A recent Synack Report claims that combining cybersecurity talent and AI-enabled technology results in 20x more effective attack surface coverage than traditional methods.

But it’s difficult to truly understand the implication of these numbers. Most content on the topic leaves the reader to do all the math, connect the dots, and try to understand the real problem behind the numbers, all by themselves – an overwhelming task.

Two of the most interesting topics on the internet today are Artificial Intelligence and Cybersecurity. You want solid takeaways and insights to embrace in today’s inter-connected digital economy.

Challenges of AI: A cybersecurity industry perspective

A recent survey by the Consumer Technology Association identifies AI’s top application as cybersecurity, with 44% of all AI applications being used to detect and deter security intrusions.

At the other end of the spectrum, cybercriminals are increasingly (and innovatively) using AI as digital ammunition to create potent security threats, resulting in an increased demand for cybersecurity experts.

On the subject of threats, here’s my pick of the top-3 current concerns:

1. Increased cybersecurity threat

In 2019, the Wall Street Journal reported that a group of cybercriminals had demanded €220,000 from the CEO of a U.K.-based energy firm. An interesting twist to the plot: they used AI to impersonate the CEO’s voice. The lesson learned? AI provides cybercriminals with an additional edge to bypass security blind spots in an organization.

2. Accelerated volume and complexity of cybersecurity attacks and data breaches

A study by Varonis puts things into perspective:


Long story short, AI-powered technology can enable automation of tasks, protect the attacker’s identity, spawn the next frontier in enterprise fraud, a.k.a deepfakes, and refine malicious services (to name but a few instances) at a rate and scale that’s virtually unheard of.

3. A window of (threat) opportunity, owing to greater reliance on AI-enabled technology

Practically speaking, AI-led technology can swing both ways, either in favor of organizations or in favor of cybercriminals, depending on the circumstances. Organizations can beef up their security by using emerging technologies and AI-led software.

Ironically, attackers can overcome these security controls and manipulate routine tasks by using the same technology in an improvised capacity, giving rise to more complex and interconnected risks. Believe it or not, in 2018, Cisco reported that they “blocked seven trillion threats, or 20 billion threats a day, on behalf of their customers.” Currently, it seems like we’re stuck in a “chicken-egg” situation.

How AI is contributing to cybersecurity processes

According to Capgemini, two out of three organizations are planning to adopt AI solutions by 2020.

Despite posing serious threats, AI augments and complements the future of cybersecurity best-practices. Here’s a lowdown of the “AI advantage” in the cybersecurity landscape:

  • Reduced response time to threats and cost of preventing breaches

Synack claims that “using AI accelerates the time to evaluate the breach-worthiness of vulnerability by 73%.”

Plus, additional data by Capgemini research shows that “3 out of 4 executives believe AI in cybersecurity speeds up breach response — both in detection and remediation.

And around 64% said that it also reduces the cost of detection and response.” Expert Kayne McGladrey’s take on AI explains what these numbers might mean. Talking to CIO, she says:

“AI’s tenacity results in reducing time to discovery, which doesn’t need holidays, coffee breaks, or sleep. And, is unlike Tier 1 security operations center analysts for whom reading endless log files and alerts gets boring.”

  • Ease of multi-tasking

AI is like a superpower that organizations can use in a number of ways: to review user behaviors, find patterns, and locate irregularities in the security network, to name just a few.


  • Enhanced and dynamic security practices

The use of AI in combination with human efforts can help companies find and close critical vulnerabilities 40% faster.

Plus, this allows companies to focus their efforts on creating secure ‘choke points’ instead of spending millions to secure the entire work environment.

Finally, by using AI for improved security, companies can leverage greater returns and minimize risks, a growing concern among companies today.

  • Minimized security responsibilities with high-quality results

AI is often described as intelligent, and rightly so. There are numerous application areas in which this powerful technology is helping organizations highlight recurring incidents and reverse the damage. (More on this in the next section).

Top-3 impactful use cases of AI in cybersecurity

1. Combing through mountains of security data and automating routine tasks

One of the biggest concerns in cybersecurity is the sheer volume of data organizations have to tackle daily. This is probably one of the reasons why Gmail chose the AI route to block 100 million extra spam messages every day. CTO of Seedcamp David Mytton’s explanation of how AI is disrupting the cybersecurity space is on point.

In CIO, Mytton says, “As more and more systems become instrumented, the problem shifts from knowing that ‘something’ has happened. This is to highlight that ‘something unusual’ has happened.”

An instrumented system is one that records who has logged in and when, what was downloaded and when, and what was accessed and when.

2. Reducing false security alarms and capturing unusual incidents

AI intelligence, in conjunction with threat intelligence, can detect new security issues and resolve them, offering a threat detection rate of 95% as opposed to traditional antivirus software, “where the detection rate is only about 90%, meaning 10% of malicious samples are being missed.”

In the same vein, Michael Overly, partner at Foley & Lardner LLP, talked to Digital Munition about the benefits of addressing these missed threats in a time-sensitive manner, saying:

“The hope is that these systems will minimize false alarms and insubstantial issues, leaving a much smaller set of ‘real’ threats to review and address.”

3. Empowering foolproof security by offering predictive functions and improving efficiency

One of the most innovative and effective applications of AI in thwarting security breaches is the use of biometric authentication. Tech giant, Apple, uses this method — commonly known as “Face ID.”

The powerful Face ID technology combines built-in infra-red sensors and neural engines to recognize the user. If Apple’s claims are to be believed, the benefits are vast, with “only a one-in-a-million chance of fooling the AI to open a device with another face.”

Apart from providing additional layers of security, AI is making teams more efficient, according to 70% of security professionals, and it is eliminating as much as 55% of employees’ manual tasks.

With the additional layer of security and helping the team pivot their energies towards solving more important tasks, AI also powers productivity. Helping with productivity reduces overall stress levels for everyone involved.

Key perspectives and future trends in AI security

  • Training AI-powered systems to protect us

We’ve spoken plenty about how AI works round-the-clock to keep an enterprise secure, but what about the safety and training of the technology itself?
Experts and enterprises need to refocus their strategies on training AI and ML models to maximize the value of these systems.
ML systems can be trained to learn from historical data and detect anomalies. They can allow companies to mitigate and manage cyberattacks efficiently.

  • AI is the shiny new toy in the digital arms race

From boosting the security defense to hyper-automating parts of the cybersecurity processes, AI will play an increasingly important role in preventing cyberattacks.

Capgemini recently reported that AI “adoption is set to skyrocket, with almost two out of three (63%) of organizations planning to employ AI by 2020.”

  • AI as an offensive-defensive capability

As mentioned earlier, AI is a technology that can be used to both defend and attack an organization’s digital defense systems.

The need of the hour is for cybersecurity experts to proactively identify attacks (think: Spam email attempts, disabling critical infrastructure, among others) and defend against them.

Limitations of AI & possible solutions

“AI won’t solve all your security problems. Think of it as a way to advance the security posture, not as a silver bullet.” – Raja Patel, vice president, security products at Akamai Technologies.


  • Experts favor findings verified by humans rather than AI

According to research by White Hat Security, “60% of security professionals are still more confident in cyber threat findings verified by humans over those generated by AI.”

The top-4 areas where human intelligence trumps AI in the operational security process are the use of intuition, creativity, human experience, and frame-of-reference – evolved capabilities that AI is yet to demonstrate, let alone master.

Evidently, the current cybersecurity climate at least has tipped the balance towards human capabilities. The solution? Augmenting human talent with AI’s technological prowess can be a reliable way forward. Aarti Borkar, Vice President at IBM Security, writes in Fast Company of a 360-degree solution enterprises can embrace:

“One way to help prevent bias within AI is to establish cognitive diversity. The diversity in the computer scientists developing the AI model, the data feeding it, and the security teams influencing it.”

  • Establishing AI systems requires an incredible amount of assets and resources, such as memory, accurate data sets, and computing power. Not to mention, it is an expensive and time-intensive undertaking.

Some of the other growing concerns with the use of AI have been well captured by Osterman Research:

Moving forward, let’s look at how enterprises can solve these limitations from a holistic perspective:

  • The first step is for companies to invest in an experienced cybersecurity firm with seasoned professionals.
  • Test systems and audit your hardware as well as software to find and proactively fix security gaps.
  • Install – and constantly update – firewalls and other malware scanners that keep your systems secure.
  • Review the latest cyber threats and security protocols to prioritize risks and develop effective strategies.

AI-Powered cybersecurity in the future: Expert speak

We’ve chalked out the numbers and done our analysis. But what do the experts think about the prevalence and relevance of AI in cybersecurity? Let’s look at the picture painted for us by some of the expert opinions collected in Forbes:

  • The one who uses the technology first will call the shots

Sami Laine, Director of Technology Strategy at Okta, says: “We will see threat actors use deepfakes as a tactic for corporate cyberattacks, similar to how phishing attacks operate.

Phishing attacks are where the money is for cybercrooks, and they can wreak serious havoc on unsuspecting employees.

What this means is that organizations will need to keep validation technology up-to-date; the tools – to create deepfakes and to detect them- will be the same. So, it’ll be an arms race for who can use the technology first.”

  • Rise of deepfakes-as-a-service

Audra Simons, Director of Innovation at Forcepoint, offers an interesting perspective: “We expect deepfakes to make a notable impact across all aspects of our lives in 2020 as their realism and potential increases.

We will see Deepfakes-As-A-Service move to the fore in 2020 as deepfakes become widely adopted for both fun and malicious reasons.”

  • In the offensive-defensive cybersecurity game, the defensive side has their work cut out

Marcus Fowler, Director of Strategic Threat at Darktrace explains what it takes to fight AI with AI: “The building blocks are well in place for the rise of AI-powered cyberattacks in 2020, as more sophisticated defenses and access to open-source AI tools incentivize adversaries to supercharge their attacks.

AI won’t only enable malware to move stealthily across businesses without requiring a human’s hands on the keyboard, but attackers will also use AI in other malicious ways, including determining their targets, conducting reconnaissance, and scaling their attacks.

Security experts recognize that defensive AI is the only force capable of combating offensive AI attacks. And that the battle must be fought by matching – or exceeding – the speed with which attackers innovate.”

  • The emergence of disinformation and fake news

Pascal Geenens, Security Researcher at Radware talks about this hot topic plaguing organizations and countries across the globe: “Disinformation and fake news can spread havoc in both the public and private sector and is increasingly being used as a weapon by nation-states.

In 2020, deep learning algorithms can bring about in generating fake, but seemingly realistic images and videos.
This application of AI will be a catalyst for large scale disinformation campaigns.”

  • The impact of increased digitization on AI and cybersecurity

Phil Dunkelberger, President and CEO of Nok Nok Labs, sums up how increasing digitization will impact organizations, cybercriminals, governments, and the world at large: “As digitization continues in 2020, data will become more valuable than ever before.
Information that may have previously seemed trivial to the everyday consumer will hold significant value for stakeholders and hackers across the spectrum.

Adversaries or real-life ‘data bounty hunters’ will hunt for new ways to exploit it, governments will seek better ways to access it, enterprises will adopt stronger security measures to protect it, and end-users will demand better privacy to secure their personal information.

Furthermore, with the rise of AI and machine learning, crucial data that impacts how medical decisions are made, where/how autonomous cars move, and more will become increasingly more mainstream—and increasingly more lucrative to threat actors pining for the information.”

The first and last line of defense in cybersecurity

Whichever way you slice it, one key learning, in particular, emerges from all this.

“AI isn’t ready to fly solo any time soon.”

Enterprises, as well as experts, are more comfortable embracing a “middle-ground” approach. AI can be used as a smart tool to augment human intelligence and help organizations stay competitive and safe in the ever-expanding world of cybersecurity threats.

In a nutshell, the advantages of AI far outweigh the limitations and offer a hopeful (and secure) way forward. What are your thoughts?

The post The Future of Cybersecurity in the Hands of AI appeared first on ReadWrite.


Cybersecurity Concerns Shouldn’t Halt Digital Transformation of Your Business


Cybersecurity is one of the biggest hurdles to progress and digital transformation for companies. Naturally, with new technologies comes new vulnerabilities, which companies can find difficult to navigate especially in new cloud environments.

Legally, cybersecurity designers have to follow strict regulations such as HIPAA (Health Insurance Portability and Accountability Act) and other laws to protect sensitive information that businesses may possess of their clients.

However, companies that can navigate this system and use their information effectively can more than double their profitability.

Security is a focal point for the future, but it doesn’t have to be the end-all-be-all for companies’ progress and transformation. Companies can not only evolve with technology but stay ahead of the curve and use it effectively. Here are three ways to prevent your company’s security needs from halting the digital transformation of your organization.

Security is Where the Cloud is

The future of security lies in the “cloud,” an ambiguous term that implies your data is stored invisibly in the sky somewhere. The cloud refers to software and services that run on the internet rather than on your computer’s hard drive.

Data is stored and accessed over the internet (on someone’s server) rather than locally, which can make some companies nervous. The worry or nervousness can prevent businesses from jumping into the next generation of security.

Putting trust in the cloud means trusting that the data will be accessible at all times.

Unlimited accessibility is possible, but it can cost a pretty penny, especially as the companies providing the service can charge for things such as bandwidth.

Trusting the cloud also means trusting the companies providing cloud storage services, which many companies have trouble doing. Big corporations such as Amazon provide cloud storage services to thousands of smaller companies. Those companies run the risk of outages that can last for hours.

Intellectual property can also be an issue with cloud storage. Your business and the companies that provide cloud storage solutions may have rifts over who owns the data, since they’re the ones storing it. This can depend on where the data was created (locally or in the cloud) and what verbiage is used in the terms of service agreement.

These are the reasons why companies may not want to implement cloud solutions.

However, cloud computing and cloud-based storage solutions are the future. Local storage is limited, but the storage capacity of the cloud is almost unlimited. Almost constant improvement in cloud services means an improvement in the security of data and infrastructures involved in cloud computing. Cloud security can offer reduced costs since the need to invest in dedicated hardware is eliminated. Reputable cloud service providers eliminate manual security configurations.

Familiarizing yourself with the cloud can help your organization operate at scale, reduce the costs of technology, use flexible systems that can give the company a competitive edge, and keep moving toward the future.

Tokenization is a Secure Digital Transformation

Tokens are a subject that not a lot of companies have heard of, but can definitely benefit from. A digital token is a digital representation of an asset or right. The asset can be a stock, bond, or real-estate.

The digital token can also represent the rights you have to access a form of data. With security tokens, you can have ownership of the asset, and investors in this asset are protected. Security tokens are useful for private securities.

The security token can often be confused with a utility token, which is where the Howey Test is used to differentiate the two.

The Howey Test is a test made by the Supreme Court that may determine if a transaction qualifies as an investment contract. This test asks if the asset is an investment of money, if it’s in a common enterprise, if there’s an expectation of profits, and if the asset comes from the expectations of others. If the asset passes this test, it can legally be considered a security token.

Security tokens are useful for companies to pay dividends and share and generate profits for token holders.

Paper-backed assets have a liquidity problem, but the cryptographic representation of assets takes care of that issue. By utilizing security tokens, businesses can represent their assets with a simple, government-regulated token. They are rather underutilized at the moment, but as more individuals and companies become interested in owning tokenized versions of assets, security tokens show a lot of promise.

Allocate Funding for Cybersecurity

Ironically, businesses can be held back from progress because they don’t know how much money to spend on cybersecurity. Cybersecurity threats have been dramatically increasing for several years, and data breaches are more common than they were ten years ago.

Cyber threats and data breaches are now considered the norm rather than the exception. Threats such as these have led big businesses to increase spending on defense and cybersecurity, but several firms still underspend on their cyber defenses.

Most firms have the most basic forms of cybersecurity, such as firewalls and antivirus. This may have been enough in the old days, but cybersecurity threats today are much more sophisticated and require more evolved forms of protection.

Authentication, encryption, and digital signatures can all help organizations protect their data from cyber threats, and it’s incredibly important that businesses invest in these to prevent costly breaches.

Investing in protection from breaches can be costly, but the chaos that ensues from data breaches when cybersecurity is not taken seriously can be more costly than the preventive measures.

Spending money on these needs now can prevent companies from having to pause operations to fix mistakes from malware, phishing, ransomware, and other forms of data breaches. In this way, the digital transformation of an organization can continue without needing to worry too much about cyber threats.

In the End

The digital transformation of an organization can be slowed down or even halted in the event of a cybersecurity threat.

Knowing how to evolve with the changing cybersecurity industry through cloud computing, tokenization, and allocating funding for cybersecurity are just three of the dozens of ways to prevent a company from being left behind in its digital transformation.

Image Credit: Andrea Piacquadio; Pexels

The post Cybersecurity Concerns Shouldn’t Halt Digital Transformation of Your Business appeared first on ReadWrite.


5 Technologies Shaping the Future of Cybersecurity


The more we depend on technology to do business, the more critical cybersecurity becomes. In this age of remote work, companies are relying on more third-party tools and employee devices. Each of those devices and applications represents a potential access point for cybercriminals. Here are five technologies shaping the future of cybersecurity.

The good news is, technology can also be used to combat cyber threats.

Not only can the right software stop breaches now, but these sophisticated tools can be continuously tweaked as new threats continue to evolve.

Here are five technologies shaping the future of cybersecurity:

1. Security Orchestration, Automation, and Response (SOAR)

SOAR security is a suite of technologies that allow businesses to automate some security processes. Typically used in combination with SIEM systems, SOAR closes the gap between incident identification and response.

SIEM systems are great at telling businesses what the issue is. The trouble with them is two-fold: IT personnel sometimes lack the expertise to stop threats; even if they have that expertise, much of the damage is done in milliseconds.

To understand how SOAR systems work, let’s break down the acronym:

  • Security Orchestration

Security technologies need to work in concert with one another. Orchestration is the process of stringing them together so action can be taken swiftly from a single dashboard.

  • Automation

No technology can totally eliminate the need for security experts. But by automating certain steps of the process, SOAR reduces response time and the risk of human error.

  • Response

Unlike prior software approaches, SOAR can actually stop certain threats. Because breaches cause reputational damage to brands even if no customer data is compromised, preventing them is key.

2. Cloud Access Security Broker (CASB)

These days, cloud computing and storage are the standard. Most business applications are hosted remotely, which often allows apps to be accessed from anywhere and on multiple devices.

Naturally, easy access attracts bad actors. Any time data is transferred, it has the potential to be intercepted. Protecting your data during transfer is where Cloud Access Security Brokers (CASBs) come into play.

CASBs sit between a cloud application and the cloud users, carefully monitoring activity. Sometimes CASBs are in-house software, but they can also be cloud-based programs themselves.

CASBs have a couple of use cases. Some of these access security brokers simply notify administrators about potential incidents. Others work to prevent malware or man-in-the-middle attacks.

3. User and Entity Behavior Analytics

User and Entity Behavior Analytics (UEBA) systems detect insider threats by monitoring users and entities, which include things like routers. They use a combination of machine learning and human decision-making.

If appropriate access restrictions have not been put in place, it’s easy for insiders to access sensitive files. UEBA tools analyze users’ behavior patterns and look for anomalies that could indicate malicious activity.

For example, let’s say a particular employee downloads a few images and Word documents each day. Then one day, that person downloads several gigabytes of files. A UEBA tool would flag that download — and either take action or notify an administrator.
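The download scenario above, as an added example that is not from the original article: each user's daily download volume is scored against that user's own history with a median/MAD (median absolute deviation) score. The log entries, user names, `min_history` and `threshold` are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MB, GB = 10**6, 10**9

# Constructed sample log (not real data): (day, user, bytes downloaded).
SAMPLE_LOG = [
    ("2020-05-%02d" % d, "alice", round(n * MB))
    for d, n in enumerate([6.2, 7.9, 5.1, 8.4, 6.8, 7.3, 5.9], start=1)
] + [
    # Day 8: alice pulls several gigabytes in three large transfers.
    ("2020-05-08", "alice", 1200 * MB),
    ("2020-05-08", "alice", 1100 * MB),
    ("2020-05-08", "alice", 1100 * MB),
    ("2020-05-09", "alice", round(6.5 * MB)),
] + [
    # bob routinely moves about 2 GB a day, so 2.25 GB is normal for him.
    ("2020-05-%02d" % d, "bob", round(n * GB))
    for d, n in enumerate([2.1, 1.9, 2.3, 2.0, 2.2, 1.8, 2.05, 2.25], start=1)
]


def daily_totals(events):
    """Sum bytes per user per day: {user: {day: total_bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, user, nbytes in events:
        totals[user][day] += nbytes
    return totals


def robust_score(history, value):
    """How many robust standard deviations `value` sits above the median."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD approximates a standard deviation for normal data.
    # The 5%-of-median floor keeps a very flat baseline from alerting on noise.
    scale = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / scale


def flag_anomalies(events, min_history=5, threshold=6.0):
    """Return (user, day, bytes, score) for days far above a user's baseline."""
    alerts = []
    for user, per_day in daily_totals(events).items():
        history = []
        for day in sorted(per_day):
            total = per_day[day]
            if len(history) >= min_history:
                score = robust_score(history, total)
                if score > threshold:
                    alerts.append((user, day, total, round(score, 1)))
                    continue  # keep the outlier out of the baseline
            history.append(total)
    return alerts


if __name__ == "__main__":
    for user, day, total, score in flag_anomalies(SAMPLE_LOG):
        print(f"ALERT {user} {day}: {total / GB:.1f} GB (score {score})")
```

A fixed global limit such as "alert above 1 GB" would fire on bob every day; the per-user baseline flags only alice's day 8.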

4. Hardware Authentication

It’s no secret that most login credentials can be cracked by dedicated hackers. If all it takes is one username and password to access your sensitive data — from any device, anywhere in the world — your devices can be in trouble.

Hardware authentication requires not just a username and password, but also a hardware-based approval from a separate device. There are multiple ways hardware authentication can be done:

  • USB security keys

These small devices (sometimes called “tokens”) plug into a USB port to authenticate the user. Using a token will add a layer of protection because the key must be physically possessed, which is difficult to do from a remote location.

  • Optical recognition

An optical recognition factor is a futuristic tool that reads your retina and matches it to a database to verify you are authorized to access the network. Each person’s retinas have unique patterns, just like fingerprints.

  • Finger swipes

Your smartphone might let you log in by pressing your finger to a small sensor. Finger swipes work the same way, by using your fingerprints to authenticate you.

5. Data Loss Prevention (DLP)

Often, cybercriminals either sell sensitive data or post it online. Once your sensitive data is out on the internet, getting it taken down is a nightmare. To recover from these attacks, companies often have to send embarrassing emails to customers and reset thousands of accounts and passwords.

DLP is a collection of software and approaches designed to keep sensitive data from leaving the organization’s own network. DLP systems combine a lot of best practices, including:

  • Identifying what data is sensitive
  • Monitoring and controlling endpoint activities, or how users access information
  • Checking data that is uploaded and downloaded from the cloud for malicious software
  • Producing reports to stay compliant with governing agencies
  • Encrypting data in transit

Cybersecurity technologies aren’t just cool, complex things to talk about. They’re essential tools that protect your business from fraud, data leaks, malware, and more.

Knowing what tools are available to you is, at best, half the battle. Don’t wait until a breach happens to put these “data-best-practices” into your data-protection arsenal.

Image Credit: Soumil Kumar; Pexels

The post 5 Technologies Shaping the Future of Cybersecurity appeared first on ReadWrite.


Privacy Regulations — Are They Really Working to Protect Your Data?


Data breaches are happening at an alarming rate. The first half of 2019 saw 4.1 billion compromised records, with the business sector accounting for 67% of the reported breaches and 84.6% of exposed records.

People are starting to take the protection of their own digital identities more seriously.

According to a recent privacy survey, 81% of consumers are more concerned about how companies use their data and 89% say companies should be clearer about how their products use data.

This is why more than 80 countries and regions have adopted comprehensive data protection laws and others will soon follow. But are these laws really working to keep the massive amounts of personal data from falling into the wrong hands?

Regulations like GDPR and the California Consumer Privacy Act (CCPA) are developed with the intent to protect the privacy of consumers in an age where social media and other digital footprints are making it harder to keep that personal information safe and secure.

There are two interesting factors in play that exempt companies from disclosing what they plan to do with the consumer data they collect in certain situations.

Exemptions

In section 1798.105(d), CCPA states, “a business or service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the customer’s personal data in order to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.”

The statement appears to exempt anyone in cybersecurity from the request if they can prove the data is required to meet one of those activities.

Items within certain security platforms that leverage the device and user identity for detection can operate under this exclusion, which is something both the security vendor and customer should, therefore, be cognizant of.

Services Provided

Additionally, section item 1798.105(3) of CCPA states that businesses shall not be required to comply with the act if they provide a service to “debug to identify and repair errors that impair existing intended functionality.”

Read that statement again, please!

It opens another huge exception for businesses that debug or repair devices. It appears they are removed from any responsibility to destroy or delete the data after any period of time.

Another implication of this “law” ties into the consumer’s right to repair. Consider a consumer who has their private data stored on a personal device but modifies or repairs that device in some way that leaves the device susceptible to attack or breach.

Who is responsible? The manufacturer or the consumer?

CCPA does not provide guidance on this, leaving ambiguity and potential loopholes.

While businesses may comply within these exemptions and services loopholes, that shouldn’t exclude them from the basic ethical obligation they have to inform their customers on what they plan to do with their data.

And these exemptions aren’t winning any favors with consumers, which is why nearly half of Americans don’t trust the government or social media sites to protect their data.

While governments are attempting to help by enacting privacy legislation, consumers must take the protection of their privacy into their own hands by following a few basic guidelines.

Don’t Open that Link

Phishing attempts have grown 65% in the last year and those attacks account for 90% of data breaches. And attackers are finding new ways to make their phishing scams even harder to detect.

An example shows how these attacks are now happening in real time. The bad actor pretends to be someone known to the user and claims to have limited cellphone reception, so a confirmation call is not possible. The victim then helps, which leads to handing over sensitive data to the attacker.

While phishing is getting harder to detect, there are ways to defend against it.

For instance, if there is a request to click on a link, CHECK to see if there are any misspellings or weird characters in the URL.

In these cases, it’s a safe bet you can just delete the email (and link) right away.

Make it a habit to avoid clicking on links sent to you via email or social media solutions – especially those from your bank, utility companies, social networks, etc.

Instead, go to the source: type out the URL in the browser and log in there.
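One way to automate the "misspellings or weird characters" check on a link, as an added example rather than code from the article. It goes slightly beyond the text by also flagging a trusted name buried in another domain, credentials placed before an `@`, and raw IP hosts. The trusted domains (placeholders under the reserved `.example` TLD), the finding labels and the distance threshold are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the sign-in domains the user actually deals with (placeholders).
TRUSTED = {"mybank.example", "payroll.example"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_url(url, trusted=TRUSTED, max_distance=2):
    """Return a list of reasons a link looks suspicious (empty list = none found)."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.username is not None:
        # "https://trusted-name@other-host/" really goes to other-host.
        findings.append("userinfo-in-url")
    if is_ip(host):
        findings.append("ip-literal-host")
        return findings
    if not host.isascii():
        # Weird characters: letters from other scripts that mimic Latin ones.
        findings.append("non-ascii-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        # The ASCII (punycode) encoding of a non-ASCII label.
        findings.append("punycode-label")
    # Simplification: treat the last two labels as the registrable domain.
    # A production check would consult the Public Suffix List instead.
    registrable = ".".join(host.split(".")[-2:])
    if registrable in trusted:
        return findings
    for name in sorted(trusted):
        if host.startswith(name + ".") or "." + name + "." in host:
            findings.append("embeds-trusted:" + name)
        elif 0 < edit_distance(registrable, name) <= max_distance:
            # Misspellings: one or two characters away from a trusted domain.
            findings.append("lookalike:" + name)
    return findings


# Constructed sample links for illustration only.
SAMPLES = [
    "https://mybank.example/login",
    "https://login.mybank.example/",
    "https://mybnak.example/login",
    "https://myb\u0430nk.example/",  # Cyrillic "a" (U+0430)
    "https://" + "myb\u0430nk.example".encode("idna").decode("ascii") + "/",
    "https://mybank.example.account-check.example/login",
    "https://mybank.example@198.51.100.7/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), inspect_url(sample))
```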

Multi-Factor Authentication

Multi-factor authentication is one of the easiest ways to protect one’s information, yet many consumers don’t know this capability exists. With multi-factor authentication, a user is asked to provide two or more pieces of information for logging into his/her devices.

For example, along with providing a password, an individual can arrange to have a code sent to their device before access is granted. When you log in this way, if an unauthorized third party somehow steals the password, they still can’t log into the account because they won’t receive the follow-up mobile text code.

Many consumer services like Google and Facebook support this capability and individuals are well-advised to use this extra security.

Multiple Passwords

People still fall victim to bad password habits despite the incentives to avoid them.

Using unique passwords for all accounts helps ensure hackers only gain access to the one system associated with that password.

You can check sites like haveibeenpwned.com to determine if your information was lost in a breach.

Please use different passwords for every account — whether it’s for business or personal use.

I know it’s a pain in the butt — however, the longer the password, the better. Password manager applications can then help you store all of these passwords securely and protect them with multi-factor authentication.

There is no one sure-fire way to ensure that the billions of global data records remain protected.

Privacy regulations are a first (and much needed) step in the right direction. However, it’s up to everyone – including consumers – to do their part in protecting their personal identities online.

The post Privacy Regulations — Are They Really Working to Protect Your Data? appeared first on ReadWrite.


How Prepared is Your Business to Face Botnet Threats?


Businesses have faced a rock slide due to the factor called “botnets.” Professionals ought to know, or at least have an idea of, what botnets are.

Botnets have the ability to deploy malware, which aids in gaining unauthorized entry to a computer or device. We all know this, but do you know that, if you expect your business to survive, the steps you are probably applying might not be sufficient to save your devices?

As all businesses are linked to the internet one way or another, whether through trading, websites, and so on, your devices are exposed to the chance of a DDoS attack. It is inevitable that a business will encounter botnet threats. Most of us take some measures, but what if these steps are not as effective as we thought?

Why are attacks seen as a threat to a business?

Botnets are controlled by the herder. The herder is the one responsible for gathering all the corrupted bots and making an army that he uses to attack a device.

We know that botnets are robotic networks used by cybercriminals to commit crimes. The bot herder, the one who controls the bots, uses his army of corrupted bots to cause disruption on the internet. He makes the bots overload a website, which in turn denies entry to the website; this is also called a DDoS attack.

When this is done, it gives the herder the opening to do as he pleases. A botnet also disrupts the functioning of a device, making it obey the commands of the hacker or herder. The bots can be used to defraud advertisers using fake ads, which are also a route through which botnets gain access to a computer system or device: with one click on a fake advert on the internet, the botnet gains entry to the device.

Memorable attacks

Botnets have been behind some very memorable attacks. Businesses that have been affected by botnets include Twitter and Amazon, in October 2016.

On that Friday, attackers controlling a vast collection of internet devices unleashed several massive attacks that left dozens of popular websites, including Twitter Inc. and Netflix Inc., unreachable for parts of the day. That was one notable event amongst many others.

The attack prevented many users from gaining access to websites and also affected the owners of those websites.

Since the invention of botnets, businesses have faced security challenges in their operations: being defrauded of large sums of money, falsified identities, hacked websites, and fake ads on the internet. Since this is seen as a bane of businesses, it ought to be eradicated or managed in such a way that it is not able to carry out its damage.

Some businesses agree that the best way to deal with “botnets” is to take precautionary steps, whereby they try to keep them from gaining entry. But this is like a war being fought from the outside while leaving the inside unguarded: if the enemies gain entry through a spot you missed, they wreak havoc because the inside was not guarded.

Precaution means being on the lookout and trying to prevent the entry of botnets. Although this is not a bad step, the truth is that one cannot really be too careful; one way or another, a botnet finds its way in, catches the people or the device unprepared, and can wreak its damage and bring loss to the business for a while.

However, taking predictive measures, where you have already planned the action to take when a botnet shows up and how to deal with it, would yield more results. Precaution measures are measures that prepare the device for when the botnets attack. As stated before, precaution measures are not wrong, but a more assured way is the predictive measure, which prepares the organization ahead of encountering a botnet.

So what are the steps that you are not really paying attention to? Make it a habit to upgrade your operating system. One fascinating thing about botnets is that they also upgrade themselves to survive your preventive measures, so an outdated operating system will soon enough lose its immunity to botnets’ attempts at entry.

Since one could fall behind on updating the OS through forgetfulness or the like, you can set it to update automatically. That way you are not just safe now, but also assured of future safety.

It is also important to know that downloading files from the internet carries a large probability of botnet attack. Botnets usually hide in files and file-sharing services, and when you end up connecting, they are given access to your device.

Before you download any file or receive any file, make sure it is well scanned or just look for more protected file-sharing networks.

Also, if you want to keep botnets out, avoid clicking on links that you are not totally sure of. As mentioned earlier, botnets hide in areas like ads waiting for that click, and with it, they gain entry.

Such dangerous links that contain viruses live in places like YouTube comments and pop-up ads. So examine the link and check its authenticity before clicking.

Also, you should avoid emails from unknown sources. This is another route through which botnets gain entry. Botnets can also be tricky and hide behind a known contact, so you should examine your emails closely: scrutinize each one and make sure you are sure of its source before opening it.

It is also vital to educate your personnel well. Most are not well educated on the matter of cybersecurity, and that could be a deterring factor. Also, do not give just anyone access to your computers or devices; it is very important that only well-trained and trusted admins manage your computers.

Lastly, for solutions, you would be doing yourself a lot of harm if you operated without antivirus software; I am sure many know this. Antivirus comes in different types.

It is also important to know that antivirus software is the most efficient way to remove botnets. Look for an antivirus capable of safeguarding your devices, which include your phones, PCs, and so on. Also, some antivirus products require upgrades, so make sure that they are upgraded.

In conclusion, we cannot be totally sure we are covered from botnets, because they upgrade. Sometimes it takes time to get used to the various applications that keep them out, and soon enough they surpass the protective measure adopted, which is why upgrading your operating system was mentioned. Also, check out any botnet safety service really well. The fake ones are out in force right now with the COVID stuff.

A simple upgrade helps keep the device prepared for an attack. As mentioned before, we can’t be too safe, but an organization that adopts these steps and follows them diligently is assured a high degree of safety from botnets.

The post How Prepared is Your Business to Face Botnet Threats? appeared first on ReadWrite.


10 Security Tips for ‘Work From Home’ Enterprises During COVID-19


Millions of companies have shifted office work to work from home in this pandemic time. It’s crucial to consider the consequences of access to internal IT infrastructure, systems access, data repatriation, and bandwidth costs.

Essentially, what this means is that when the employee remotely accesses the data, the risk to that data increases.

Most of the time, the risk is only between the internal network, server, and end-user device, while remote working adds risks that include local networks, public internet, and consumer-grade security systems.

The following are some of the strategies to minimize these data security risks.

1. Run a password audit

Your company needs to audit passcodes for all employees. This does not mean demanding personal information from users, but it helps in redefining and resetting passcodes that are used to access specific business services in accordance with the strict security policy.

Alphanumeric codes and the use of two-factor authentication should become obligatory. Moreover, you should ask your team members to protect all the devices with the toughest protection possible. You should also ensure that all of your business-critical passwords are stored securely.

2. Share basic security knowledge with employees

Employees working from home must be provided with essential safety advice. This knowledge-sharing activity will help all employees guard against cyberattacks, phishing emails, and the risks of public Wi-Fi, ensure that home Wi-Fi networks are adequately secured, and verify the safety of the devices they use to get work done.

Employees should be particularly advised to avoid clicking links in the emails from people they don’t know and to stay safe from the cyberattacks carried out by other countries.

They also need to know basic security advice, and it’s also vital to have an emergency response team in place at your business. People need to know who to contact in the event they detect a security anomaly.

3. Encourage the use of secured cloud services

One way to secure the endpoints for the employee is to ensure that sensitive information is not stored locally. Data storage should be cloud-based wherever possible. Not only that, but employees should be encouraged to use cloud-based apps as well. It’s also essential that any third-party cloud storage services be verified by the network and security team.

4. Mandatory backups

Using backup tools, where appropriate, would be helpful. Otherwise, you should encourage employees to use external drives to back up computers. If you are using mobile device management (MDM) or enterprise mobility management (EMM) software, automatic backups can be initiated through the management console of your system.

5. Use an MDM/EMM solution

It may be sensible to install an EMM or MDM system. It will make the provision and management of your device fleet much easier, while also separating corporate data from personal data. These solutions also provide better control of device and Mac security.

6. Provide VPN access to employees

One way to secure data is to use a VPN that will help employees to keep their data encrypted. It also helps in masking and hiding the IP address.

7. Provision security protection

Make sure that state-of-the-art security protection is installed and active on any devices that are used for work. That means there should be firewalls, virus checkers, and device encryption in place.

8. Update software

Encourage the employees to update their applications to the new version that the company’s security strategy supports. (Some companies lag behind the Apple software release schedule, however, most don’t.) Also, activate automatic updates on all of your devices.

9. Develop contingency plans

Trip your teams by ensuring that the operational roles are shared between teams. Also, ensure that you are implementing contingency plans now in case key staff get sick. Assign and duplicate all security management, tech support, passwords, failsafe roles, and essential codes.

10. Reset Wi-Fi router passwords

Not every employee will have changed the default password on their Wi-Fi router. If you have an IT support team, then it should become a priority to provide telephone guidance to secure home routers. You don’t want to subject your information to a man-in-the-middle attack, data sniffing, or some other form of attack.

You may also need to make payment arrangements for any excess bandwidth used, as not all broadband connections are equal. In the current crisis, some (most recently, AT&T) are making positive sounds about enhancing available data packages.

The post 10 Security Tips for ‘Work From Home’ Enterprises During COVID-19 appeared first on ReadWrite.


Tips to Hire and Retain the Right Cybersecurity Professionals


You must have heard of the major issue the industry is facing right now: a significant shortage of talented, skilled cybersecurity professionals. And it’s on pace to get worse, with the shortage likely to hit more than 1.8 million by 2022.

Have you ever thought that your business could be the next victim of a cyberattack? Worse, an estimated 60 percent of small businesses will close for up to six months after a major cyberattack.

For over 25 years, the information security landscape has seemed to evolve at a faster clip each year. In fact, cybersecurity has come a long way, and Info-Security World has been there through it all.

An unprecedented demand for well-trained cybersecurity workers continues to grow. But, several companies have built traditionally direct traffic from one destination to another, passing judgment about the content; shortage of qualified personnel.

To develop the right cyber workforce, the tide of opinion is to make a change.

Cybersecurity is the act of protecting computer systems, networks, and programs from all forms of cyberattacks. However, the flaw will always be an advantage once you adopt to hire the wrong personnel. But once you understand the basics of having the right cybersecurity workers then the deeds are well to be safe.

Below, therefore, are tips for hiring and retaining the right cybersecurity professionals.

1. Don’t Rely on Experience and Certification, But Ability and Motivation to Learn

Having one or more certifications sounds pretty sensible in today’s world, doesn’t it? And many business owners are always interested in those with the best. But what is certification when workers lack the ability and motivation to learn?

No wonder Google, Apple, and other companies give less attention to certificates or degrees.

Yes, many individuals who hold a well-graded certificate and have gained experience might be the best pick out of the options.

Don’t get this wrongly, the point here is to cybersecurity. Cybersecurity has to do with technology, however, technology evolves quickly, and knowledge that’s relevant today will seem hopelessly outdated sooner than you think.

For instance, say you needed a certificate to develop iOS apps; you employee a shiny certificate that would probably be outdated every year or two, as Apple rolls out new versions of the software.

You’re now only recruiting iOS 7-certified developers with Swift certificates, you agree to the qualifications, and by the end of next quarter, that requirement will change to Swift 2021 certificates only.�

Yes, this is an exaggeration for effect, but the principle holds: the evolution of technology makes many certificates obsolete pretty quickly.

After all, cyber attackers won’t stop learning how to get into businesses, so put these questions on the list while interviewing:

Do you have the ability to learn? And are you motivated to learn? If the answer is yes, that might be the person you need in the position to keep a tight hold on your business’s cybersecurity.

2. Drop Default Requirements For College Degrees

Education requirements are a standard part of any job description. And a bachelor’s or an advanced degree is often a hard and fast requirement in the business world.

Even though 70 percent of Americans will study at a four-year college and two-thirds will graduate with a degree, you might still be tempted to inflate the value of a college degree.

Relevant skills and experience are primarily what you’re looking for when hiring. You want to make sure anyone who joins your team knows their job, and it’s easy to assume a college graduate learned their craft in school.

Smart employers seek candidates with relevant certifications and who keep up with the latest trends in the space.

So in the case of a college degree, placing a default requirement can be a good idea to look for the major candidates and focus more on their supplemental education – especially for roles that are continuously evolving. Some big companies like Apple and Google already did that.

3. Offer Better Compensation and Perks

What are employee benefits? What benefits and perks can you render when you’ve found the talented cybersecurity professional? How valuable are these compensations and perks to them?

According to Glassdoor’s Employment Confidence Survey, 79 percent of cybersecurity professionals would prefer new or additional benefits to a pay increase. Specifically, more women (82 percent) than men (76 percent) prefer compensations or perks to a pay raise.

Google checked in at number one. (Surprised? I didn’t think so.) The tech sector, in general, dominates the list, accounting for nearly half of the ranked companies.

As a business owner, you may wonder about your rights and obligations as well as popular trends when it comes to offering perks. Well, you can offer them, and many companies of your size are doing the same.

It’s simple: offer flexible hours, vacations, etc. All you are doing is giving your employees the chance to be out of the office and focus on their personal lives while still receiving a paycheck.

Guess what! This makes them respect you as the boss, and they will never take the position for granted, trying to avoid mistakes and aiming for perfection all the time.

4. Ask For Skills that go Beyond Technical Certifications and Technical Abilities

These are good skills for any business, which means they should be top-of-mind for every employer. And they’re good skills for any resume, so qualified candidates should be including these skills in their resumes.

What would happen if you employed someone with no decision-making skills, or someone who lacks time management or analytical and problem-solving skills? Just imagine how exposed your position would be to cyber attackers.

Business moves at a much quicker pace today, and employees are expected to be appreciated and to move up in the companies with a very kind of strategy. As a business owner, you need workers who can do the job today with an eye toward what they might do in the near future.

However, the employees should have some skills that have always been in demand for perfection in modern business.

5. Develop Training Programs to Increase the Perception of Potentiality

In the business world, developing programs to enlighten employees is an extensive process that plays a crucial role in the company’s overall operations.

When a new employee starts, they’re a sponge, ready to absorb information about your company, your policies and procedures, and their role and responsibilities.

Existing employees also need ongoing training to learn new skills, improve existing ones, and continue to grow over time.

6. Use Job Sharing and Rotation Programs to Broaden their Skills

There are many reasons for job rotation programs when it comes to cybersecurity in your business. Employees, particularly millennials, want more opportunities to learn, grow, and advance their careers. In fact, job development is so important that 87 percent of millennials want it.

Today’s cybersecurity professionals are dedicated to advancing their professional development; however, some can be hard to hold onto. Why? Because one way to support employees’ desire to learn and grow is with job rotation programs.

Job rotation is a strategy where employees rotate between jobs in the same business. Employees take on new tasks at a different job for a period of time before rotating back to their original position. With a job rotation system, employees gain experience and skills by taking on new responsibilities.

Job rotations are meant to promote flexibility, employee engagement, and retention. Employees don’t always have to change companies to get the development they want. However, implementing a job rotation strategy will help you retain the talent you really need in your organization.

The post Tips to Hire and Retain the Right Cybersecurity Professionals appeared first on ReadWrite.


Manufacturers: Approach Cybersecurity Like Your Assembly Line


To combat cyberattacks, which pose a growing threat during the COVID-19 pandemic, manufacturers should take a page out of their own book and apply an assembly line approach to their cybersecurity.

More connected devices on the factory floor mean more opportunities for hackers to attack.

Even after the infamous cyberattacks of WannaCry and NotPetya that cost manufacturers millions of dollars in 2017, nearly half of all manufacturing companies still suffered a data breach in the past year. Threats are evolving so quickly that manufacturers simply can’t keep up.

But by breaking down cybersecurity into its independent parts, manufacturers can better prepare for inevitable data breach attempts.

Growing IIoT cybersecurity risks.

Despite the security risks associated with the Industrial Internet of Things (IIoT), connected devices have far more advantages than disadvantages on the factory floor.

The manufacturing industry must embrace digital transformation to remain resilient amid a tight labor market, shifting trade policies, and a global economy hit hard by COVID-19.

IIoT devices can help manufacturers improve performance, access consistent reports and insights, improve process visibility and customize their capabilities more seamlessly.

IIoT devices are particularly vulnerable to attack.

  • Many black box devices like smart sensors and programmable logic controllers (PLCs) run on outdated code — in some cases code from the 90s — with bolted-on modules.
    The decades-old code often contains bugs that put devices at risk of distributed denial-of-service (DDoS) attacks, or even total takeovers.
  • Additionally, many of these black box devices aren’t set up or configured by IT departments. For example, most manufacturers choose which milling machines to purchase based on how quickly they turn out parts, not how strong their firewall is. But when these devices join the connected world, they’re exposed to new threats.
  • The companies that produce connected devices often intentionally leave open a backdoor so they can more easily conduct routine maintenance. In some cases, the only way manufacturers can update a device is through USB ports, which are notoriously prone to malware transmission.
  • Manufacturers haven’t done their due diligence in training blue-collar workers, who are often not as IT savvy as those in white-collar industries. Workers unfamiliar with proper security protocol are more susceptible to phishing scams.
  • Similarly, as mobile scanning apps become more popular on the factory floor, manufacturers have introduced more opportunities for potential attacks. Most companies don’t have the capacity to manage various individual devices and apps in addition to their own technology, so personal tech often goes unsupervised.

Because IIoT devices are more susceptible to cyber breaches, DDoS attacks are common.

Think back to the 2016 attack on Dyn, a domain name system (DNS) provider, which brought down major sites including Twitter, Netflix, PayPal and Spotify. Groups of automated harmful programs, or botnets, attacked IoT devices in what was, at the time, the largest DDoS attack in history.

Not only are the risks of cyberattacks growing, the consequences can be devastating.

According to a study conducted by IBM, the average time to identify a data breach is 197 days, the average time to contain a data breach once identified is 69 days and the average cost of a data breach in the U.S. is $7.91 million.

In the words of former FBI Director Robert S. Mueller III, “It is no longer a question of ‘if,’ but ‘when’ and ‘how often.’ There are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”

The assembly line approach to cybersecurity.

Even though data breaches are inevitable, manufacturers can still take the right precautions to decrease their magnitude and mitigate potential damage.

Think about cybersecurity like a product in your assembly line. At every stage in the process, something new gets added, until you’ve assembled the final product. But if you stop adding new pieces in the middle of the process and try to use the product, it likely won’t work properly.

Cybersecurity requires similar layers of firewalls, encryption, anti-malware, access control, and endpoint protection to best defend your IIoT devices.

Managing cybersecurity like an assembly line requires strategies for every part of the process.

  1. Education: Employees who don’t know better are some of the easiest targets for cyberattackers. But a few simple process changes can help diminish instances of breaches caused by employees.
    1. Onboarding tutorials: Teach employees what to watch out for on day one. Include a web tutorial on how to avoid phishing scams as part of the onboarding process, and follow it up with a short quiz.
    2. Frequent testing: Any employees who use devices that can get hacked should be tested frequently. Send your own test phishing messages to ensure initial training actually took hold. Employees that click the links in these test emails should be automatically scheduled to take a refresher course.
  2. Network segmentation and device fencing: To address the rise of unsecured IIoT and personal devices on the floor, manufacturers should invest in network segmentation. By splitting your main computer network into subnetworks, or segments, companies can not only boost performance but also enhance security.

    Segmentation restricts network access to approved users and gives IT teams the ability to better control, monitor and protect the flow of information. If one subnetwork gets hacked, the risk of spread and the amount of data compromised are much lower.

    Additionally, manufacturers should establish device geofencing, which provides an added layer of access control and streamlines BYOD management. These boundaries limit access to certain applications or devices and track compliance within a specific geographical perimeter.

    A geographical perimeter can also be set up as a “device fence” that alerts system administrators when company-owned devices leave the premises, or the device can be set to shut off access automatically.

  3. Hiring and outsourcing: Many manufacturers simply don’t have the IT department needed to monitor and manage security risks. Often, the same person is responsible for managing both the company’s security and its network.

    These employees are usually overworked and lack the necessary checks and balances of a fully staffed IT department. It should come as no surprise then that the burnout rate is incredibly high among these professionals — adding further strain to manufacturers trying to compete in a tight labor market.
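The segmentation described in step 2 above can be checked against real traffic. The following is an added example, not part of the original article: it maps constructed flow records to segments and flags any cross-segment connection that is missing from an allow-list. The segment names, address ranges and permitted flows are assumptions chosen for illustration.

```python
import ipaddress

# Constructed segment plan (assumption): private ranges chosen for illustration.
SEGMENTS = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "plant_floor": ipaddress.ip_network("10.20.0.0/16"),  # PLCs, smart sensors
    "byod": ipaddress.ip_network("10.30.0.0/16"),         # personal devices
    "historian": ipaddress.ip_network("10.40.0.0/24"),    # data collection servers
}

# Allow-list of cross-segment flows: (source segment, destination segment, port).
# Any flow that crosses a segment boundary and is not listed is a violation.
ALLOWED = {
    ("plant_floor", "historian", 443),
    ("office", "historian", 443),
}

def segment_of(addr):
    """Return the name of the segment containing addr, or 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def classify(flow):
    """Classify one (src_ip, dst_ip, dst_port) record against the policy."""
    src_ip, dst_ip, port = flow
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst and src != "external":
        return "intra-segment"
    if (src, dst, port) in ALLOWED:
        return "allowed"
    return "violation"

def audit(flows):
    """Return (flow, source segment, destination segment) for each violation."""
    return [(f, segment_of(f[0]), segment_of(f[1]))
            for f in flows if classify(f) == "violation"]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.40.0.5", 443),   # PLC -> historian, permitted
    ("10.10.3.7", "10.10.3.9", 445),    # office -> office, stays in segment
    ("10.30.8.2", "10.20.1.15", 502),   # personal device -> PLC (Modbus/TCP port)
    ("10.10.3.7", "10.20.1.15", 22),    # office workstation -> PLC
    ("10.20.1.15", "203.0.113.9", 80),  # PLC -> address outside every segment
]

if __name__ == "__main__":
    for flow, src, dst in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {src} -> {dst}: {flow[0]} -> {flow[1]}:{flow[2]}")
```

Run against exported firewall or NetFlow records, the same check shows whether the segment boundaries are actually enforced or only drawn on a diagram.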

Even with the right number of IT professionals in place, every business operating in the connected world needs 24/7 security coverage, 365 days a year.

Managed security service providers (MSSPs) can fill in the gaps that IT departments can’t manage single-handedly. External specialists not only have access to a much broader cybersecurity toolkit than in-house staff, they also often cost less than hiring an entire internal team. And the savings in reduced malware infection rates are invaluable.

MSSPs provide several crucial layers necessary for an assembly-line approach to cybersecurity.

The MSSP approach includes perimeter defense, endpoint security, and intrusion detection and prevention systems (IDPS). MSSPs also provide security information and event management (SIEM).

When selecting an MSSP, look for a partner with:

    1. Considerable experience with incident response and use of leading endpoint protection technologies.
    2. Multiple client success stories, case studies and credible references.
    3. Breach detection that analyzes every trouble ticket, instead of just tracking trends.
    4. Experienced staff — with the proper certifications — in every time zone where you conduct business.

The pace of IIoT cyberattacks isn’t letting up anytime soon.

No, the pace of IIoT cyberattacks isn’t letting up — they’re intensifying in the wake of the coronavirus.

It’s only a matter of time before your manufacturing company is breached — if you haven’t been already.

Know that the right combination of security layers can help you detect and prevent more breaches, and recover quicker when the inevitable strikes.

Image Credit: Ivy Son; Pexels

The post Manufacturers: Approach Cybersecurity Like Your Assembly Line appeared first on ReadWrite.