Article | March 2, 2020
EC-Council, a leading global information security certification body, conducted a table-top cyber wargame among top cybersecurity executives in Tampa, Florida. The sold-out session, “CISO wargame,” included 27 senior executives from the largest managed IT service providers in the United States. The event presented the security experts with a simulated incident in which an organization is hit by a ransomware attack. Participants had to work to contain the damage of the attack, which grew more complicated as the 4-hour exercise unfolded. Participants were tasked with deciding whether to pay a ransom and whether to use ransom negotiators, as well as with communicating with employees, stockholders, and the media about the breach.
Article | March 2, 2020
It has been more than a month since businesses around the world started to implement contingencies in response to the Coronavirus. The Cyber Threat Index Report by Imperva Research Labs tracks changes in traffic and attack trends across multiple industries and countries. This month’s edition looks at how COVID-19 is affecting all industries across the globe. Our researchers have found that while some sectors are experiencing a dip in the number of attacks, on the whole they remain consistent. As the chart below shows, certain sectors have experienced a significant increase in attacks over the past few months: attacks on gaming are up seven percent, food & beverages are up six percent, and financial services are up three percent.
Article | March 2, 2020
Cyber security has quickly evolved from being just an IT problem to a business problem. Recent attacks like those on Travelex and the SolarWinds hack have proved that cyber-attacks can affect the most solid of businesses and create PR nightmares for brands built painstakingly over the years. Investing in cyber security training, cyber security advisory services, and the right kind of IT support products has, therefore, become imperative in 2021.
Investing in cyber security infrastructure, cyber security certification for employees, and IT solutions safeguards businesses from a whole spectrum of security risks, including ransomware, spyware, and adware.
Ransomware refers to malicious software that bars users from accessing their computer system, whereas adware is a computer virus that is one of the most common means of infecting a computer system. Spyware spies on you and your business activities while extracting useful information. Add social engineering, security breaches, and compromises to your network security into the mix, and you have a lethal cocktail.
Article | March 2, 2020
While not flashy, cryptographic processing is foundational and critical for data confidentiality, integrity, and authentication. Cryptography is what powers the world’s transactions, so it must be highly available, fast, and scalable — and, most importantly, secure. For Futurex, cryptography is in the limelight every day. As a global company, we have a presence in many of the largest banks, retailers, IoT device manufacturers, and corporations. Let me shed some light on what trends we are seeing:
1. Data encryption delivered via a service-oriented architecture: Organizations have ever-increasing volumes of applications and services that require strong cryptography with HSM-backed data encryption and key management. Managing complex cryptographic environments can be overwhelming, time-consuming, and expensive — and if not deployed or managed correctly, can introduce significant data security risks. Therefore, organizations are looking at other options and looking to experts. We’re having regular conversations with customers about how data encryption can be delivered from a service-oriented architecture standpoint. The industry is reaching a new level of maturity and is adopting cryptography and key management as a native component of its environments.
2. Cloud-based data security hardware security modules (HSMs): Enterprises and financial services organizations are increasing their adoption of cloud-based data security infrastructure. With new developments in cloud adoption, regulatory compliance, and greater data residency capabilities, and with HSMs in the cloud, the infrastructure is in place. And it’s been tested. We pioneered cloud-based HSMs back in 2015, with the VirtuCrypt Hardened Enterprise Security Cloud.
3. HSM flexibility: Organizations are looking at robust solutions that meet the highest level of encryption, but that are flexible to fit the needs of their use cases, organizational infrastructure, expertise, and budget. These days, organizations have different options with HSMs: on-premises, cloud, and hybrid. A quick overview: an HSM’s core functionality is centered around encryption, the process by which sensitive data is rendered indecipherable to all except authorized recipients. Encryption is made possible using encryption keys. Because knowledge of the encryption key aids in decrypting information, it is vital that these keys are secured in a private environment.
Hardware Security Module considerations
4. Next-level remote key loading: encrypted key loading. Remote key loading is not new; it’s been around for more than a decade. Remote key loading enables users — point-of-sale terminal deployers, banks, encryption services organizations (ESOs), major retailers — to remotely inject encryption keys anytime, wherever they are deployed, saving time, cost, and hassle. With the growth of mobile-based terminals, remote key loading has become a necessity, ensuring that the utmost security and compliance requirements are met.
5. Contactless payments with CPoC: Contactless payments eliminate the need for card reading hardware and provide a high level of security. CPoC is a PCI SSC compliance standard that stands for Contactless Payments on COTS, or commercial off-the-shelf. This standard is helping to accelerate adoption of SoftPOS contactless payments for individuals and small businesses, while giving large retailers new ways of improving the customer payment experience. It is also expected to be widely adopted in developing economies. Contactless payments extend the point of sale beyond the checkout counter using near-field communication (NFC) chips embedded in smartphones and tablets available off the shelf. Their transaction processing functionality and high level of security make CPoC-based applications advantageous for all merchants who need payment agility and scalability.
6. Future-proofing for quantum computing: OK, this is not yet a trend, but it needs to be! The rise of quantum computers is on the horizon, and this inevitable threat stands to break public key cryptography as we know it. Once quantum computers become more widespread, they will be capable of breaking common cryptographic methods used today, such as RSA, ECC, or Diffie-Hellman, simply because of how quickly they can calculate solutions. This is concerning for every organization whose security depends on public key cryptography and particularly serious for long-lifespan Internet of Things (IoT) devices such as satellites, automobiles, and critical infrastructure components that rely on cryptography for code signing. Are organizations prepared for the post-quantum shift? Not yet. Enterprise-level code signing is the best way to ensure your organization’s cryptographic infrastructure remains secure now with the rise of quantum computing.
If every industry — banking, groceries, satellites, automobiles — relies on cryptography for data protection, transmission, and transactions, isn’t it time to take a closer look at your cryptographic infrastructure?