SOFTWARE SECURITY

HGC signs MoU to strengthen public telecoms network security with CyberSecurity Malaysia

prnewswire | October 28, 2020

HGC Global Communications Limited (HGC), a fully-fledged fixed-line operator and ICT service provider with extensive local and international network coverage, services and infrastructure, today announced the signing of a Memorandum of Understanding (MoU) with CyberSecurity Malaysia, the national cybersecurity specialist and technical agency under the Ministry of Communications and Multimedia Malaysia (KKMM).
The MoU provides a framework under which HGC will facilitate its portfolio of critical cybersecurity skillsets to the telecommunications industry whilst fostering increased cybersecurity innovation by enabling CyberSecurity Malaysia to achieve its purpose of overcoming national cyber security challenges and deliver greater ICT benefits to internet users.

The MoU will at first benefit large to medium enterprises, the financial services industry (FSI), government and semi-government bodies. The cooperation's impact will be felt beyond Malaysia's borders by reaching HGC's customers overseas, in particularly across the Asia community, and within a wide range of industry verticals such as e-health, e-commerce, e-education initiatives.
HGC provides broad range of connectivity and cybersecurity services to keep safe

Given the increase in the number of internet users has a direct implication on the increase in potential threat on information systems, it is essential to take necessary precautionary measures.

According to CyberSecurity Malaysia, between January and September 2020, Malaysia has recorded 8,366 cybersecurity incidents, including fraud, intrusion, and malicious code -- an increase of nearly 10% over compared to 2019.

Under the collaboration, HGC with its international exposure is tasked with provisioning its cybersecurity expertise including consulting, managed security services, engineering, risk management, cloud security and advisory services. This will in turn enable CyberSecurity Malaysia to boost its range of cyber security innovation-led services, programmes, and initiatives to reduce the vulnerability of digital systems, and at the same time strengthen Malaysia's self-reliance in cyberspace.

The MoU will cover cybersecurity cooperation in key areas including telecom security, IoT security and threats intelligence. The exchange of information on telecommunication networks, ICT solutions and cybersecurity can further improve cyberattack readiness and prevention measures.

Ravindran Mahalingam, HGC's SVP of International Business, said: "Cybersecurity is a paramount asset, key to HGC's vision of a connected world. As a global telecommunications service provider, we are committed to promoting sustainable development of technological innovations, keeping cybersecurity at the centre of business solutions. More, cybersecurity is important in a smart city as the infrastructure can be vulnerable and needs to avoid any breaches. HGC is dedicated to support cybersecurity for ICT and network initiatives, ensuring a secure and reliable digital business environment."

Dato' Ts. Dr. Haji Amirudin Bin Abdul Wahab, CyberSecurity Malaysia's Chief Executive Officer, said: "Today, cyber security is a major concern for most industries and the vulnerabilities are rising at an alarming rate; hence IT professionals are in high demand to analyse and overcome these threats. Moreover, these attacks could have been dealt with if those businesses have better cyber resilience. Organizations today are beginning to complement their cybersecurity strategies with cyber resilience. CyberSecurity Malaysia, a national cyber security specialist and technical center under the purview of the Ministry of Communications and Multimedia Malaysia, identifies collaboration as one way to strengthen the cybersecurity ecosystem in Malaysia. CyberSecurity Malaysia is pleased with the collaboration between global companies such as HGC to develop sustainable relationships between government and industry as well as raising the level of readiness and resilience of national cyber security and its contribution to national economic growth."
About HGC Global Communications Limited

HGC Global Communications Limited (HGC) is a leading Hong Kong and international fixed-line operator. The company owns an extensive network and infrastructure in Hong Kong and overseas and provides various kinds of services. HGC has 23 overseas offices, with business over 5 continents. It provides telecom infrastructure service to other operators and serves as a service provider to corporate and households. The company provides full-fledged telecom, data centre services, ICT solutions and broadband services for local, overseas, corporate and mass markets. HGC owns and operates an extensive fibre-optic network, five cross-border telecom routes integrated into tier-one telecom operators in mainland China and connects with hundreds of world-class international telecom operators. HGC is one of Hong Kong's largest Wi-Fi service providers, running over 29,000 Wi-Fi hotspots in Hong Kong. The company is committed to further investing and enriching its current infrastructure and, in parallel, adding on top the latest technologies and developing its infrastructure services and solutions. HGC is a portfolio company of I Squared Capital, an independent global infrastructure investment manager focusing on energy, utilities and transport in North America, Europe and selected fast-growing economies.


About CyberSecurity Malaysia

CyberSecurity Malaysia is the national cybersecurity specialist and technical agency under the purview of the Ministry of Communications and Multimedia Malaysia (KKMM). In essence, CyberSecurity Malaysia is committed to provide a broad range of cybersecurity innovation-led services, programmes and initiatives to help reduce the vulnerability of digital systems, and at the same time strengthen Malaysia's self-reliance in cyberspace. Among specialized cyber security services provided are Cyber Security Responsive Services; Cyber Security Proactive Services; Outreach and Capacity Building; Strategic Study and Engagement, and Industry and Research Development.

Spotlight

In this paper, system describe in MANET energy saving & security in data is an important issue in MANET. This can be solved by network coding which might reduce energy consumption also by using less transmission this system proposed data sharing using data encryption method. Encryption/decryption cost along with transmission time is factor of energy consumption in wireless network. In MANET unreliable wireless media, mobility, lack of infrastructure is a big challenge. Mobile Ad hoc NETwork (MANET) refers to mobility of nodes rather than any fixed infrastructure, act as a mobile router.

Spotlight

In this paper, system describe in MANET energy saving & security in data is an important issue in MANET. This can be solved by network coding which might reduce energy consumption also by using less transmission this system proposed data sharing using data encryption method. Encryption/decryption cost along with transmission time is factor of energy consumption in wireless network. In MANET unreliable wireless media, mobility, lack of infrastructure is a big challenge. Mobile Ad hoc NETwork (MANET) refers to mobility of nodes rather than any fixed infrastructure, act as a mobile router.

Related News

DATA SECURITY, PLATFORM SECURITY

mParticle announces new custom access roles API to enhance security of customer data

mParticle | October 10, 2022

mParticle, a leader in customer data infrastructure, announced today that it is introducing Custom Access Roles to its platform, extending its enterprise-grade controls to enhance security and simplify compliance. With customer data breaches in the news almost daily, there is a need for more robust data controls, especially for the world's largest brands. Modern security and compliance practices take a least privileged access approach to platform roles. To achieve true least privileged access, companies need to customize their roles to fit their business. Custom Access Roles give customers the flexibility to create unique roles tailored to the needs of not only marketers, developers, and product managers, but anyone in the company who works with customer data. Custom Access Roles limit the number of users that have privileged access, thereby protecting customer data. As teams set out to build their first-party data set, data protection becomes even more important. Not all users need access to all customer data, and admins need to be able to assign access based on the nuances of their business. With Custom Access Roles, mParticle customers can decide which permissions belong to which roles, ensuring that the right users have access to the right data. For example, a "Developer" role could have access to set up a new integration, but not to create audiences. An "Auditor" role could have access to view reporting, but not to edit reports. The mParticle Customer Data Platform (CDP) is the trusted customer data pipeline of the world's largest brands. It is the only CDP on the market with advanced security and privacy controls built for the compliance regulations enterprise organizations face. With over 300+ tested and trusted out-of-the-box integrations, infrastructure that spans the globe, and a solutions team with a proven track record of success. Custom Access Roles is another example of mParticle's focus on addressing enterprise-level challenges as they continue to evolve. About mParticle mParticle is an AI Customer Data Platform that powers the entire marketing stack with real-time customer data. Companies like NBCUniversal, JetBlue, Venmo, and Airbnb use mParticle to simplify their customer data infrastructure, maximize the value of their data, and accelerate growth at scale. Over the last year, the company has raised $150M in funding and acquired two startups, Vidora and Indicative. Founded in 2013, mParticle is headquartered in New York City with employees around the globe.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BeyondTrust Releases Cybersecurity Predictions for 2023 and Beyond

BeyondTrust | November 04, 2022

BeyondTrust, the leader in intelligent identity and access security today released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer and Brian Chappell, Chief Security Strategist, EMEA/APAC, are based on shifts in technology, threat actor habits, culture, and decades of combined experience. Prediction #1: Negative, Zero, and Positive Trust -- Next year, expect products to actually be “zero trust-ready", satisfy all seven tenants of the NIST 800-207 model, and support an architecture referenced by NIST 1800-35b. Zero trust product vendors will create marketing messages that may imply positive and/or negative intent (maybe not using such simple puns on the number zero). Some will provide positive zero trust authentication and behavioral monitoring, while others will work using a closed security model to demonstrate what should happen when a negative zero trust event occurs. Prediction #2: Camera-Based Malware is here. Say “Cheese”! -- In 2023, expect to see the first of many exploits that challenge smart cameras and the technology embedded within to leverage vulnerabilities. While there have been timeless discussions on the risks of using QR codes, we’re only now beginning to understand the risks from our smart cameras. As cameras become more complex, the risk surface is expanding for novel approaches that could lead to their exploitation. Prediction #3: Reputation for Ransom—The rise of Ransom-Vaporware – We will see a rise in the extortion of monies based purely on the threat of publicizing a fictional breach. Society so willingly accepts the veracity of breaches reported in the news—and without evidence. For a threat actor, this could mean the need to perpetrate an actual breach is reduced and a threat alone, that is not even verifiable, becomes an attack vector all in itself. Prediction #4: The Foundation of Multi-Factor Authentication (MFA) Invincibility Fails -- Expect a new round of attack vectors that target and successfully bypass multifactor authentication strategies. In the next year, push notifications, and other techniques for MFA will be exploited, just like SMS. Organizations should expect to see the foundation of MFA eroded by exploit techniques that compromise MFA integrity and require a push to MFA solutions that use biometrics or FIDO2-compliant technologies. Prediction #5: Cyber Un-insurability is the New Normal -- In 2023, more businesses will face the stark realization that they are not cyber-insurable. As of the second quarter of 2022, U.S. cyber-insurance prices already increased 79% over the prior year. The truth is, it’s becoming downright difficult to obtain quality cyber insurance at a reasonable rate. Prediction #6: The Latest Concert Hack: Wearable Risk Surfaces and Hackable E-Waste -- If you have recently attended a large concert, you may have received a disposable LED bracelet that can receive RF transmissions during the event. The device is meant to be low cost, disposable, and have potentially only single use. In 2023, expect threat actors to easily decode the RF transmissions using tools like Flipper Zero to wreak havoc on venues that use these enhancements. Some, may be to form a protest for some other purpose. Prediction #7: Compliance Conflicts are Brewing -- Significant compliance standards, best practices, and even security frameworks, are starting to see a diverging in requirements. In 2023, expect more regulatory compliance conflicts, especially for organizations embracing modern technology, zero trust, and digital transformation initiatives. Prediction #8: The Death of the Personal Password -- The growth of non-password-based primary authentication will finally spell the end of the personal password. More applications, not just the operating system itself, will start using advanced non-password technologies, such as biometrics, either to authenticate directly or leverage biometric technology, like Microsoft Hello or Apple FaceID or TouchID, to authorize access. Prediction #9: De-Funding of Cyber Terrorists Becomes Law -- Governments all over the world will entertain a new approach to protect organizations from ransomware and stop the funding of terrorists: ban ransomware payouts outright. Granted, threat actors may move on to a new form of cyber crime to fund their operations, but ransomware as we know it will fade away. Prediction #10: Cloud Camouflage is Confronted -- To mitigate cloud security risks, expect a push for transparency and visibility into the security operations of SaaS solutions, cloud providers and their services. The push to ensure transparency of the architecture, foundational components, and even discovered vulnerabilities, will extend beyond SOC and ISO certifications. Prediction #11: Social Engineering in the Cloud -- Attackers will turn from their software toolkits to their powers of persuasion as they increase the number of social engineering attacks leveled at employers and organizations across the cloud. Prediction #12: Unfederated Identities to Infinity and Beyond -- Expect a push into unfederated identities to help provide a new level of services and potentially physical products that will become a mild access control and management nightmare. The size and scope will feel truly infinite—unless it is well-defined for identity management teams to provide access beyond what typically is available today. Prediction #13: OT Gets Smarter, Converges with IT -- Expect attack vectors for basic Operational Technology (OT) to expand based on similar exploits that target IT. OT which once had a single function and purpose is now becoming smarter, leveraging commercial operating systems and applications to perform expanded missions. As these devices expand in scope, their design is susceptible to vulnerabilities and exploitation. Predictions #14: Headline Breaches Move to Second-Page News -- Expect news of breaches to be buried deeper—whether in print or online format based on audience fatigue, lack of interest, or just because it is no longer exciting. With that said, legal, regulatory, and compliance responses will become front-page news should an organization fail to follow the proper steps for public disclosure and risk mitigation. Prediction #15: A Record-“Breaching” Year -- Expect a record-breaking year of cyber security breach notifications, not only because of the sophistication of threat actors, but also due to the larger changes in the world that will impact an organization's ability to mitigate, remediate, or prevent a problem. About BeyondTrust BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organizations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry's most advanced privileged access management (PAM) solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments. BeyondTrust protects all privileged identities, access, and endpoints across your IT environment from security threats, while creating a superior user experience and operational efficiencies. With a heritage of innovation and a staunch commitment to customers, BeyondTrust solutions are easy to deploy, manage, and scale as businesses evolve. We are trusted by 20,000 customers, including 75 of the Fortune 100, and a global partner network.

Read More

PLATFORM SECURITY

Picus Security brings automated security validation to businesses of all sizes

Picus Security | November 10, 2022

Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the availability of its next-generation security validation technology. The new Picus Complete Security Validation Platform levels up the company's attack simulation capabilities to remove barriers of entry for security teams. It enables any size organization to automatically validate the performance of security controls, discover high-risk attack paths to critical assets and optimize SOC effectiveness. "Picus helped create the attack simulation market, and now we're taking it to the next level, By pushing the boundaries of automated security validation and making it simpler to perform, our new platform enables organizations even without large in-house security teams to identify and address security gaps continuously." -H. Alper Memis, Picus Security CEO and Co-Founder The all-new-and-improved Picus platform extends Picus's capabilities beyond security control validation to provide a more holistic view of security risks inside and outside corporate networks. It consists of three individually licensable products: Security Control Validation - simulates ransomware and other real-world cyber threats to help measure and optimize the effectiveness of security controls to prevent and detect attacks. Attack Path Validation - assesses an organization's security posture from an 'assume breach' perspective by performing lateral movement and other evasive actions to identify high-risk attack paths to critical systems and users. Detection Rule Validation - analyzes the health and performance of SIEM detection rules to ensure that SOC teams are reliably alerted to threats and can eliminate false positives. A global cybersecurity workforce gap of 3.4 million professionals∗ means automated security validation is now essential to reduce manual workloads and help security teams respond to threats sooner. Recently, the US's Cybersecurity and Infrastructure Security Agency (CISA) and UK's National Cyber Security Centre (NCSC) published a joint advisory recommending organizations test their defenses continually and at scale against the latest techniques used by attackers. Insights from point-in-time testing are quickly outdated and do not give security teams a complete view of their security posture, With the Picus platform, security teams benefit from actionable insights to optimize security effectiveness whenever new threats arise, not once a quarter. With our new capabilities, these insights are now deeper and cover even more aspects of organizations' controls and critical infrastructure,said Volkan Erturk, Picus Security CTO and Co-Founder. About Picus Security Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Validation Platform is trusted by leading organizations worldwide to continuously validate security effectiveness and deliver actionable insights to strengthen resilience 24/7. Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. Picus has been named a 'Cool Vendor' by Gartner and is cited by Frost & Sullivan as one of the most innovative players in the BAS market.

Read More