Data breach: Why it’s time to adopt a risk-based approach to cybersecurity

Help Net security | January 28, 2020

The recent high-profile ransomware attack on foreign currency exchange specialist Travelex highlights the devastating results of a targeted cyber-attack. In the weeks following the initial attack, Travelex struggled to bring its customer-facing systems back online. Worse still, despite Travelex’s assurances that no customer data had been compromised, hackers were demanding $6 million for 5GB of sensitive customer information they claim to have downloaded. Providing services to some of the world’s largest banking corporations including HSBC, Lloyds, Barclays and RBS, the attack will clearly have a significant long-term impact on Travelex’s reputation and revenues. The company also potentially faces a catastrophic fine if customer data is found to have been accessed illegally.

Spotlight

Outsourcing to cloud brings a new face to computation. In outsourcing, maintenance cost as well as upgrade cost is low to zero. Outsourcing's features are held back by data privacy concerns. In cloud, privacy of data can be assured by encryption schemes. Common encryption schemes will decrypt the data before processing and re encrypts data after processing, key sharing required. The sensitive data inside the processor are vulnerable to eavesdropping and other attacks. HEROIC Framework (Homomorphically EncRypted One Instruction Computer) a secure architecture for processing data in encrypted form is introduced as a promising solution to the security and privacy concerns.

Spotlight

Outsourcing to cloud brings a new face to computation. In outsourcing, maintenance cost as well as upgrade cost is low to zero. Outsourcing's features are held back by data privacy concerns. In cloud, privacy of data can be assured by encryption schemes. Common encryption schemes will decrypt the data before processing and re encrypts data after processing, key sharing required. The sensitive data inside the processor are vulnerable to eavesdropping and other attacks. HEROIC Framework (Homomorphically EncRypted One Instruction Computer) a secure architecture for processing data in encrypted form is introduced as a promising solution to the security and privacy concerns.

Related News

SOFTWARE SECURITY

SafeGuard Cyber Delivers Context-Aware Response with Microsoft Azure AD and Okta

SafeGuard Cyber | August 01, 2022

SafeGuard Cyber, the leading provider of security and compliance solutions for email and communication-based threats, today announces automated response and multi-channel user onboarding with Microsoft Azure AD and Okta integrations for its security and risk management platform. These integrations enable automated and workflow-based responses to advanced social engineering threats such as impersonation and account takeover, as well as other threats, business risks, and compliance violations. The integrations extend the SafeGuard Cyber platform's multi-channel detection capabilities, with the ability for security and compliance operation teams to manage and automate responses to threats and risks across all communication channels. "In the current economic climate, organizational leadership needs to ensure optimum resource utilization in security operations and reduce unnecessary costs," said Chris Lehman, CEO of SafeGuard Cyber. "Many of our enterprise customers have made significant investments in Azure AD or Okta to manage identities across their organizations, and our new capabilities allow them to streamline operations and maximize ROI for their security and overall operations." Integrated response through SafeGuard Cyber enables security architects and operations teams to deliver the ideal response to threats and business risks, either in an automated or direct action through the SafeGuard Cyber platform as part of incident management or an investigation. "As the threats of fraud, impersonation, and social engineering increasingly result in material breaches and financial losses through ransomware and business compromise, the need to have a context-aware, zero-trust foundation with detection and response capabilities is more urgent than ever. "Our integrations with Okta and Azure AD enable organizations moving towards a cloud or hybrid workplace to simplify identity-based responses to communication-based threats, while enriching authentication to include context and intent of interactions." Rusty Carter, chief product officer at SafeGuard Cyber Context-aware and advanced integrated response with Okta and Azure AD is available for all SafeGuard Cyber customers and delivers: Automated user onboarding for monitoring communications by group Automatic, risk-based responses that include user-session invalidation Support for all SafeGuard Cyber protected channels SafeGuard Cyber detects attacks and identifies risk by understanding how humans interact and communicate. The company's Natural Language Understanding-based SaaS platform offers the industry's most advanced visibility and detection of phishing, BEC and malware attacks that span the full range of modern business communications channels, including social media, collaboration, mobile messaging, conferencing, CRM and the Microsoft 365 ecosystem. About SafeGuard Cyber SafeGuard Cyber provides the only comprehensive technology solution for addressing cybersecurity threats and compliance risks across the modern cloud workplace. The company's patented and award-winning Natural Language Understanding technology analyzes and correlates conversations across 30 communication channels and 52 languages, including collaboration, social, chat, messaging, and conference platforms, in order to detect and prevent communication-based threats like social engineering. By stopping attacks at the social engineering stage, SafeGuard Cyber allows companies to prevent data breaches, ransomware, invoice fraud, and many other threats. The company's cloud-based Machine Learning also provides compliance solutions for governance and policy enforcement that empower customers to communicate through modern apps and social networking.

Read More

SOFTWARE SECURITY

Legal Industry Leader HBR Managed Services Partners with Tanium to Enhance Security and IT Services Capabilities

HBR Consulting | August 16, 2022

HBR Managed Services (HBR), a comprehensive strategy, operations and technology consulting firm focused on the legal industry, today announced its partnership with Tanium, the industry's only provider of converged endpoint management (XEM) for complex security and technology environments. Recognizing that law firms are attractive targets for cyber criminals, HBR is leveraging the Tanium platform to provide IT operations management, IT asset discovery, and security threat response to manage system updates at scale, thereby helping the firm's IT managed services and network operating center (NOC) clients reduce risk and operating costs. "The Tanium platform allows us to automate patching of OS and applications on servers and workstations, whether those endpoints are attached to a firm's network or not," said Bill Elser, vice president of engineering services at HBR. "That's critical in today's hybrid environment, allowing us to quickly prevent or remediate security or other operational issues by deploying registry changes and executing scripts." "The legal field faces unique challenges not only to protect the integrity and reputation of individual firms, but to safeguard the various constituencies they serve. "Tanium is keenly aware of the heightened risks the industry faces and we are proud to align with a leader like HBR as they work to secure the interests of their clients. We look forward to expanding this long-term partnership as they continue to grow." Todd Palmer, SVP of partner sales of Tanium "We're pleased to add Tanium to our roster of best-in-class vendor partners," added Chris Petrini-Poli, HBR's executive chairman. "HBR is committed to continually innovating services and partnering with best-in-class tool providers. Throughout the past year, we've been investing in relationships that will help us continue to provide exceptional, cost-effective service to our clients. We're proud to be on the leading edge of using top-of-the-line technology that ensures a continuously updated and monitored, safe and secure IT environment, while allowing HBR's team to operate as efficiently as possible." About HBR Consulting HBR Consulting (HBR) provides law firms and corporate law departments with strategic guidance, operational improvement, and technology solutions that drive innovation while managing cost and mitigating risk. HBR's proven combination of experience, relationships, and insights—spanning the legal ecosystem—delivers sustainable financial and competitive advantages for its clients. Visit www.hbrconsulting.com and follow HBR on LinkedIn and Twitter. About Tanium Tanium, the industry's only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for six consecutive years and ranks on Fortune's list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere. That's the power of certainty.

Read More

SOFTWARE SECURITY

Zscaler Advances Cybersecurity and UX with New AI/ML Capabilities

Zscaler | June 23, 2022

Zscaler, Inc., the global leader in cloud security, unveiled today new breakthrough AI/ML innovations driven by the world's largest security cloud for unsurpassed user protection and digital experience monitoring. The new capabilities expand Zscaler's Zero Trust Exchange security platform, allowing companies to implement a Security Service Edge (SSE) that safeguards against the most advanced cyberattacks while providing an outstanding digital experience to users and easing zero trust architecture adoption. Cyberattacks on encrypted internet traffic have increased 314%, ransomware has increased 80%, and double extortion attacks have increased roughly 120%. Phishing is also on the rise, with businesses such as finance, government, and retail experiencing yearly increases in assaults of more than 100% in 2021. Organizations must adjust their defenses to real-time risk changes in order to battle growing threats. However, lean IT and security teams are facing security alert fatigue as they become more exposed to real-time attacks, and they frequently lack the resources and capabilities to adequately analyze and respond to the rising amount of threats. Zscaler is tackling these difficulties by offering one-click root cause analysis to rapidly identify the issues causing bad digital experiences, freeing up IT and security teams from debugging and allowing them to focus on preventing attacks. AI-powered security assists IT workers by automating threat detection in order to provide better and quicker protection. “Cybercriminals are using AI, automation, and advanced techniques to train machines to hack or socially engineer victims faster than ever before. To help our customers combat these escalating techniques, we’ve dramatically advanced AI and machine learning in our cloud to take advantage of our massive data pool, giving our customers granular real-time risk visibility and a solution to combat attackers that no other security vendor can provide.” Amit Sinha, President, Zscaler “Delivering seamless digital experiences, from employee devices to the applications they need, goes hand in hand with securing our sensitive business applications and data, no matter where it resides. Zscaler’s integrated cloud platform helped us effortlessly adopt a zero trust architecture, reduce risk, accelerate our digital transformation, and achieve business goals.” said Darren Beattie, Modern Workplace and Security Operations Manager at Auckland New Zealand-headquartered Tower Limited. “With Zscaler’s AI-powered Zero Trust platform based on a SSE framework, we are able to augment and expand the reach of our IT and security team to stop the growing frequency of advanced cyberattacks. The threat landscape is constantly evolving, and these new AI capabilities will effectively enable us to see real-time changes in risk, automate our response process, and stay ahead of the attackers,” said Stephen Bailey, Vice President of Information Technology at Cache Creek Casino Resort.

Read More