Key Considerations for Selecting an Industrial Cybersecurity Solution for Asset Identification, Threat Detection, and Response

| December 13, 2018

article image
In the industrial cybersecurity industry today, there are two main challenges facing those responsible for protecting their organizations’ networks: a largely unknown threat landscape and a shortage of experienced personnel with effective threat detection and response capabilities. With the number of threats to the ICS industry increasing every year, organizations are assessing their need for industrial cybersecurity in response to these challenges, and many are looking for support from ICS cybersecurity platforms that can make the most of their budgets, supplement their defenses, and give them more resilient security postures.

Spotlight

Daon

Daon is a leading provider of award-winning biometric identity assurance software products and services focused on meeting the needs of governments and large commercial organizations worldwide. Daon supports customers and system integrators in building enterprise solutions requiring the highest level of security, performance, scalability, reliability and privacy. Daon’s IdentityX platform ensures that only you can authorize your financial / business transactions or access your most important and personal information. Using your mobile phone, IdentityX offers risk solutions and empowers you to securely establish your identity through a combination of encryption, biometrics such as face, voice, and fingerprint, PIN entry, and location-based technology . IdentityX is a fully mobile, private and cost effective solution that allows you to decide the level of security for each type of transaction - balancing convenience and security as you desire. IdentityX has been deployed by a growing lis

OTHER ARTICLES
DATA SECURITY

Noxious Zero-Click Attack: What Is It And How To Avoid It

Article | January 19, 2021

For years, we have been told that cyber-attacks happen due to human-errors. Almost every person has stressed about training to prevent cyber-attacks from taking place. We have always been on the alert to dodge errant clicks or online downloads that might infect devices with security threats. However, not all attacks need a user’s oversight to open the door. Although avoiding clicking on phishing emails is still significant but there is a cyber threat that does not need any human error and has been in the recent news. It is known as Zero-Click attack where some vulnerabilities can be misused by hackers to launch attacks even without interaction from the victim. Rather than depending on the hardware or software flaws to get access to the victim’s device, zero-click attacks eliminate the human error equation. There is nothing a victim can do once coming into the limelight of the hacker. Also, with the flourishing use of smartphones around the world that entails all the personal information and data, this thread has expanded enormously. How Zero-Click Attacks Occur? The core condition for successfully pulling off a zero-click is creating a specially designed piece of data which is then sent to the targeted device over a wireless network connection including mobile internet or wifi. This then hit a scarcely documented vulnerability on the software or hardware level. The vulnerability majorly affects the messaging or emailing apps. The attacks that have begun from Apple’s mail app on iPhone or iPad, have now moved ahead on Whatsapp and Samsung devices. In iOS 13, the vulnerability allowed zero-click when the mail runs in the background. It enables attackers to read, edit, delete, or leak the email inside the app. Later these attacks moved to Samsung’s android devices having version 4.4.4 or above. The successful attacks provide similar access to the hackers as an owner, entailing contacts, SMS, and call logs. In 2019, a breach on Whatsapp used the voice call functionality of the app to ring the victim’s phone. Even if the victim didn’t pick the call and later deleted it, the attacks still installed malicious data packets. These grants access to the hacker to take complete control of call logs, locations, data, camera, and even microphone of the device. Another similar attack had happened due to the frangibility in the chipset of WI-FI that is used in streaming, gaming, smart home devices, and laptops. The zero-click attack blooms on the increase of mobile devices as the number of smartphones have reached above 3 billion. How To Avoid Zero-Click Attacks? Most of the attacks of zero-click target certain victims including corporate executives, government officials, and journalists. But anyone using a smartphone is a possible target. These attacks cannot be spotted due to the lack of vulnerabilities. So the users have to keep the operating system along with the third-party software updated. Also, it is a must to give minimal permissions to apps that are being installed on the device. Moreover, if you own a business and are afraid of the zero-click attacks on your company’s app, you can always seek IT consultations from top-notch companies orhire developersthat will help in developing applications with hard-to-creep-into programming languages where detecting an attack is efficient.

Read More

Creating and rolling out an effective cyber security strategy

Article | January 19, 2021

What’s more, organisations should also keep in mind that prevention alone is not enough; according to IBM, the average breach detection and containment times currently sits in the region of 280 days. In this time, it’s easy for cyber attackers to gain a foothold in an environment and quickly cause damage. “When developing a cyber security strategy, traditionally enterprises have focused on the threat prevention with little attention given to detection and often none to response,” said Martin Riley, director of managed security services at Bridewell Consulting.

Read More

Coronavirus malware roundup: watch out for these scams

Article | January 19, 2021

With so many of us hunting out the latest Covid-19 info, it hasn’t taken long for hackers to take advantage. So first off, a basic hygiene reminder: Don’t download anything or click on any links from unfamiliar sources. This includes coronavirus-related maps, guides and apps. Here’s a closer look at some of the specific threats that have emerged over the last week or so. The DomainTools security research team has uncovered at least one example of a coronavirus-related fake app .The Android app in question was discovered on a newly created domain, (coronavirusapp[.]site). The site prompts users to download an Android App to get access to a coronavirus app tracker, statistical information and heatmap visuals. The app actually contains a previously unseen ransomware application, dubbed CovidLock. On download, the device screen is locked, and the user is hit with a demand for $100 in bitcoin to avoid content erasure.

Read More

Data Privacy Problem: Are Home Genealogy Kits a Security Threat?

Article | January 19, 2021

Surprising news recently emerged from the personal genetics business. The two leading direct-to-consumer companies in North America, 23andMe and Ancestry.com, announced within a week of each other that they were laying off a significant proportion of their workforce as a result of a steep drop in sales. This past Christmas, the sales of testing kits were expected to take a sharp hike — nothing says family like a gift that says prove it. But sales plummeted instead. According to Second Measure, a company that analyzes website sales, 23andMe’s business plummeted 54 per cent and Ancestry kits sales declined 38 per cent. Industry executives, market watchers and genealogists have all speculated about the causes of the drop in consumer interest. Market saturation? Early adopters tapped out? Limited usefulness? Recession fears? Whatever the theory, everyone seems to agree on one factor: privacy concerns.

Read More

Spotlight

Daon

Daon is a leading provider of award-winning biometric identity assurance software products and services focused on meeting the needs of governments and large commercial organizations worldwide. Daon supports customers and system integrators in building enterprise solutions requiring the highest level of security, performance, scalability, reliability and privacy. Daon’s IdentityX platform ensures that only you can authorize your financial / business transactions or access your most important and personal information. Using your mobile phone, IdentityX offers risk solutions and empowers you to securely establish your identity through a combination of encryption, biometrics such as face, voice, and fingerprint, PIN entry, and location-based technology . IdentityX is a fully mobile, private and cost effective solution that allows you to decide the level of security for each type of transaction - balancing convenience and security as you desire. IdentityX has been deployed by a growing lis

Events