Another cloud-based data repository, this one belonging to Alteryx, has publicly exposed datasets from the data analytics firm's partner Experian and the U.S. Census Bureau that contain sensitive personal information on 123 million U.S. households. Read more…

Fileless Malware Attacks Hit Milestone in 2017

Fileless malware attacks using PowerShell or Windows Management Instrumentation (WMI) tools accounted for 52% of all attacks this year, beating out malware-based attacks for the first time according to a new report. Read more…
In our last post, we shared tips on how to address cybersecurity with your board of directors. Today, we will wrap up the year with an overview of BOHH’s activity in 2017.

BOHH Labs entered the market this year and what a great year it has been. We received some excellent media attention this year and built some great media relationships. We also hit the ground running with industry networking events, speaking at and attending 10 events including SAP TechEd Las Vegas, Oracle Open World and an IBM Watson Summit.

BOHH Labs also kicked off its first year in business by being recognized as a winner of the Google/SAP Intelligent App Challenge. This was the inaugural year for the challenge, and BOHH Labs was selected as innovative solution winner among hundreds of global entrants for its submission, which included the use of SAP HANA Express Edition, Google Cloud Platform, Machine Learning, Artificial Intelligence and encryption to address the security of data transport and access for Cloud and Internet of Things (IoT) streamline workflows.

While BOHH Labs has been off to a great start in 2017, unfortunately the same can’t be said for the state of the cybersecurity industry. The number of attacks, the methods to carry them out, and the number of people affected by breaches continue to rise. However, BOHH Labs remains committed to tackling the cybersecurity industry and delivering a new approach that will help keep data protected in ways that traditional security methods are no longer able to provide. We predict 2018 will continue to be a challenging year for the cybersecurity industry, but we are ready to tackle that challenge head on.

At the closing of a great first year, we are excited with the progress made in 2017 and we look forward to seeing what 2018 holds in store. We have enjoyed sharing some of our thoughts with you over the past several months through the BOHH Breakdown blogs and we are eager to get started again in 2018.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

F.C.C. Repeals Net Neutrality Rules

The Federal Communications Commission voted on Thursday to dismantle rules regulating the businesses that connect consumers to the internet, granting broadband companies the power to potentially reshape Americans’ online experiences. Read more…
Three plead guilty to creating Mirai IoT botnet malware

Three men have pleaded guilty in federal court to charges related to the creation of the Mirai Internet of Things botnet malware, variants of which have been used in a series of debilitating distributed denial of service (DDoS) attacks since 2016. Read more…

Hackers steal $64 million from cryptocurrency firm NiceHash

Cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies. Read more…

Starbucks cafe's wi-fi made computers mine crypto-currency

Starbucks has acknowledged that visitors to one of its branches were unwittingly recruited into a crypto-currency mining operation. The wi-fi service provided by one of the coffee chain's Buenos Aires outlets surreptitiously hijacked connected computers to use their processing power to create digital cash. Read more…
In our last post, we shared tips for individuals to stay safe as they begin their Christmas holiday shopping this season. Today, we will address an increasingly important topic – how to address cybersecurity with your board of directors.

One thing is becoming increasingly clear in today’s climate of nonstop breaches: security matters and data is becoming an asset. It’s time organizations treat cybersecurity as a core business value. Business leaders, starting from the Board of Directors and moving through the C-suite, must insist on their organizations adopting the most effective security measures in their IT platforms, workflows and processes today. However, many board members feel they lack the technical background to know what their role should be as directors when it comes to cybersecurity. Below are some tips to get the conversation started.
Speak in language your board understands. Many board members may not know the technical terms when speaking about technology and security. Try to break it down in terms that are simple and easy for a non-technical professional to understand.
Talk about security investments and cybersecurity risks in terms of how they impact the organization’s business and financial bottom line.
Communicate everything in numbers. The board provides oversight of the company, so money matters. If you can express security investments, potential breach losses, etc. in dollars, it will better convey how cybersecurity can impact the organization overall.
Tie cybersecurity measures to the competitive marketplace. Highlight what the company’s competitors are doing, so the board can understand how the company needs to keep pace with the market.
Share examples of how cybersecurity breach incidents have impacted other organizations in a market similar to yours (Equifax, Uber etc.) – did they lose customers, pay a breach settlement fine, pay a ransom fee?
Present the facts of the company. To start a conversation on why having proper security strategies in place is important, gather a list of the organization’s valuable data assets that require protection, so you can customize the conversation to your company’s specific needs.
Share a game plan on where and how you think the board should be involved in the company’s cybersecurity strategy. Having this prepared ahead of time will help show the board where they fit into the plan.
Bring in a security expert to talk to your board about the importance of having proper cybersecurity measures in place. Having a trusted source always goes a long way in the decision-making process, and it highlights the consequences of a breach, such as fines and potential senior job losses.
Educate them on all of the laws and industry compliance rules in place. This will help them understand why a certain amount of the business strategy needs to be dedicated to security investments. Highlight that the General Data Protection Regulation (GDPR) is effective starting in May 2018, so there must be a strategy to meet this deadline.
Be concise and clear. Do not waste their time. Prepare ahead of time the main points you want to hit to educate them on the necessary security investments.
Leaders who make security a business priority and an integral part of their organization’s daily operations can help navigate their organization to better long-term performance and success. Hopefully these tips will be a useful tool to get the conversation started. Come back next Tuesday when we take a look back at all of the developments and accomplishments made by BOHH this year.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Millions 'stolen' in NiceHash Bitcoin heist

"Highly professional" hackers made off with around 4,700 Bitcoin from a leading mining service, a Bitcoin exchange has said. The value of Bitcoin is currently extremely volatile, but at the time of writing, the amount stolen was worth approximately $80m. Read more…
In our last post, we shared what the team at BOHH Labs believes will be the hot topics in 2018. Today, we offer tips for individuals to stay safe as they begin their holiday shopping this season. We have all heard the stories: people losing money in a cyber scam, a bankcard that has had to be replaced because it has been compromised, and many other ways in which simply swiping our cards this holiday season puts our finances at risk. So, with the holidays right around the corner, here are a few steps to protect yourself while you are out shopping for your near and dear:
Check for encryption on websites when shopping online. Look for a small lock icon somewhere on your browser and URLs that begin with “https:”. This means the site is secured and your data is encrypted.
Make sure your security software is up-to-date, regardless of whether you are using a computer or mobile device.
Phishing attacks are more frequent than ever and are projected to be one of the top methods for cybercriminals to carry out scams this season. Learn to recognize and avoid phishing emails, threatening calls, and texts from thieves posing as legitimate organizations such as your bank or credit card company. With lots of coupons, discounts and sales, be cautious about which links you click on and don’t download attachments from unknown or suspicious emails.
Don’t respond to emails requesting your account details. Do not ever send personal information or credit card information via email. It is best to call back instead using a phone number you can verify from their official website.
When shopping online, think about where you are doing it from. For example, by using public Wi-Fi, it’s rather simple for someone to intercept your data in a man-in-the-middle attack. It is advisable to use your own Wi-Fi network that is set up with password protection when doing online holiday shopping.
Sign out of your accounts when you complete your purchases online. This may sound easy, but you should always log out of your online session rather than let it expire. This will help reduce the chances of your session being hacked. Most sites will log you out automatically after you are idle for a couple of minutes, but logging out is still a good habit.
Make sure that when you purchase online you know the seller. If it is your first purchase from them, check other users’ feedback. It’s not necessary to get 100%, but two or three bad reviews over poor customer service or non-delivery should raise an alarm.
When withdrawing cash at ATMs (remember the days when it was used for everything?), security is not just about looking over your shoulder. Scammers often target an ATM and place a card reader over the card slot so that they can copy your card details. This is not as easy with a chip card, but they also can have a camera on the machine to access the details required to skim your card. Always check the slot to make sure it has not been tampered with.
Passwords (yawn). Boring maybe. A necessity? Definitely. Also, the biggest hole in your security? Probably. Use different passwords for every site so that when one is hacked, and your details are stolen, only that site is compromised, not all of them.
Now that we’ve highlighted some of the tools to employ when holiday shopping this season to stay cyber safe, come back next Tuesday when we will share ideas to get your board members involved in your cybersecurity strategy.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Senators Again Propose National Breach Notification Bill

A trio of Democratic Senators is attempting to catapult Congress into the information security era by pushing for passage of a U.S. national data breach notification law. Read more...

Top secret government files stored without password protection on Amazon server

It doesn’t always require a whistleblower to leak classified NSA data, considering top secret files were stored on an Amazon Web Services (AWS) S3 bucket that was configured for public access. The server contained sensitive data belonging to the U.S. Army Intelligence and Security Command (INSCOM), which is a joint Army and NSA division. Read more...

Over 100GB of Secret Consumer Credit Data Leaked Online

Some 111GB of highly sensitive information including consumer credit histories has been exposed by the National Credit Federation as the result of yet another misconfigured Amazon Web Services (AWS) S3 cloud storage bucket. Read more...

Clarksons' breach again shows need to eliminate passwords

The global shipping firm Clarksons reported that it has suffered a cybersecurity breach which it, and outside security firms, believe was caused when a lone user account was hacked, again bringing to the forefront the need to move past the legacy username and password for logging in to a critical system. Read more...
In our last post, we reviewed some of the best security techniques being used to keep our data protected and that we are grateful for in honor of Thanksgiving. Today, we will shed some light on what the team at BOHH Labs believes will be the hot topics in 2018 and share our predictions.

Every year experts turn to their magic crystal ball and share their thoughts on predictions they have for the upcoming year. Will we see the same trends from 2017 repeat themselves or will we see new ones develop in 2018? Below our experts from BOHH Labs weigh in on the discussion and offer their predictions for what’s ahead.

Blockchain will be the Heart of The Finance Industry: It’s no secret that blockchain is the hot new technology, and we will see this technology be embraced predominantly by the financial industry. Because of its decentralized and distributed nature, more financial services institutions are looking at blockchain to replace the centralized business model. As an example, KPMG, one of the “Big Four” accounting firms, recently joined the Blockchain Advocacy Group. Bitcoin is based around blockchain technology and has seen significant growth in value during 2017 even though it’s an unregulated currency; will it continue to increase when security is a potential issue, or will it fall off the tracks?

NASDAQ Advising People to Jump on Security Boards: We all know security breaches are a big deal, so why aren’t more boards of directors versed in the area? As the oversight of an organization’s value and growth, it’s critical for security to become a business priority and an integral part of their organizations’ daily operations. This means a company’s cybersecurity activities must hold as much weight in decision-making as its financial ones. As such, in 2018, we will see NASDAQ advise more security experts to join companies’ boards, so they can help companies navigate to better long-term performance and success.
Website Attacks Become a Bigger Target: One of the types of attack that we will see gain more traction this year is the website attack. With the growing use of online services (checking accounts, merchant accounts and Point-of-Sale (POS) systems, etc. now going through the web) the risk of attacks is large and has the potential to affect any institution using these services, as it opens access to institutions’ backend databases, document stores and applications all within easy reach. Because an attacker gains access to the website through a hijack of a user’s requests and then makes a simple change of code to redirect payment information their way, while NOT stopping the request’s correct path, this type of attack is very hard to find, but incredibly easy for attackers to undertake. The website is no longer just a marketing tool. It has become a business tool, and as such, it now needs to be properly protected from attacks and placed inside a firewall, and preferably completely encrypted, so that attackers are unable to change, manipulate and delete code to their advantage.

Continued Chat Bot Growth: The growth in the business use of chat bots will continue to increase based on their interactive nature and their capabilities to complement existing call center activities by taking away mundane tasks. However, with their interactive capabilities and the ability to use location services to reserve a table in your proximity and even order an item such as a coffee, it is becoming increasingly important that all chat bot transports are secure. Similar to website data breaches, should intrusion attacks penetrate the chat bots, user trust will be lost, along with the possible loss of confidential data.
Public Cloud Adoption will Continue to Challenge Enterprise Companies: While Cloud adoption is the goal of most global enterprise companies to help improve their IT speed, business agility, and modernize existing on-premise applications such as ERP, Finance and HR, adoption will be limited due to the time and money needed to implement cloud security standards that emulate enterprise on-premise infrastructures. By using a secure gateway to a Public cloud provider, enterprise accounts could accelerate their cloud deployments and benefit from the economics of cloud, plus have the freedom of choice to move between Cloud providers as the business sees fit.

IoT Attacks Will Keep Growing: We will continue to see companies scramble to implement security for IoT devices and applications. We’ve already seen the significant and expansive impact that hacks on IoT devices can have and it will only continue as we move into 2018.

General Data Protection Regulation: Effective from 25th May 2018 companies will need to comply with the General Data Protection Regulation (GDPR) which applies to all companies that use or process data in the European Union. As several analyst articles suggest, only 25% of companies are expected to be in full GDPR compliance in May 2018, and as a consequence of this, the initial fines or penalties imposed on a non-compliant company will be significant to warn other companies of its importance.

Now that we’ve highlighted some of the major security themes we predict will take center stage in 2018, come back next Tuesday when we will share some tips to stay cyber safe in the holiday shopping season.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Uber data breach from 2016 affected 57 million riders and drivers

Uber faced a data breach in 2016 that affected some 57 million customers, including both riders and drivers, revealing their names, email address and phone numbers. Read more…

Crypto-Currency Firm Tether Loses $30m to Hackers

Crypto-currency firm Tether has become the latest to suffer a damaging cyber-attack, claiming hackers have made off with over $30m worth of tokens. The crypto-currency stolen is USDT, a US dollar-based asset issued by Tether on the Bitcoin blockchain via the Omni Layer Protocol. Read more…

FCC Chairman submits plan to end net neutrality; New York AG claims agency is hindering probe

The Federal Communications Commission chairman on Tuesday announced a draft of his plan to dismantle net neutrality rules that ensure a free and open internet. The elimination of net neutrality regulations would pave the way for telecommunication/ISP companies to charge a premium for high-quality streaming, charge for or block access to certain web content, and intentionally reduce the speed of some websites over others -- as long as they are transparent about their actions. Read more…
In our last post, we talked about some of the most famous corporate data breaches and how BOHH could have prevented them. This week, in honor of Thanksgiving, we are looking at some of the best security techniques being used to keep our data protected and giving thanks.

Encryption

This is hardly a new strategy for keeping our data protected, but it has become a standard protocol in today’s security measures. The core foundation of encryption focuses on converting information or data into a form unreadable by anyone except the intended recipient. While encryption itself does not prevent hackers from getting access to data, it does make it unreadable to those who intercept it. At BOHH, we believe the parties at the two ends of a data message – the sender and requester – should be the only ones who have access to that data message. We use a keyless encryption algorithm from end-to-end to ensure all data – both at rest and in transit – stays protected, without any possibility of decrypting it, even at the server level.

Artificial Intelligence

Though popular culture used to associate Artificial Intelligence (AI) with robots and science fiction, it is on the rise as a technology influencing a variety of sectors, including the cybersecurity industry. Staying ahead of hackers has become increasingly challenging. As such, its self-learning capabilities and ability to recognize patterns and anomalies within them make AI a great tool to detect threats. At BOHH, our AI Engine is a core component to our security approach. We use an AI Engine to do threat analysis and to prevent intrusion – it manages ports, interacts with user requests, and maintains a secure connection by identifying and removing any unwanted traffic before it is passed along and gets access to any of the backend applications or databases.
Firewalls

Firewalls have been around for a while and are often overlooked as a part of a security strategy, but they are a useful tool to help thwart attacks from external bad actors. As the name suggests, firewalls are used to keep networks protected and act as a first line of defense for all data traffic that passes in and out of the network. Based on pre-set rules and security requirements set by a company, firewalls examine incoming traffic against those pre-set rules and block unauthorized attempts trying to get in. Firewalls continue to be one of the most popular tools in the IT industry and continue to evolve over time as more sophisticated security challenges and attacks develop. At BOHH, we work in conjunction with a firewall system. The BOHH security platform sits on top of the firewall and enables full encryption inside the firewall for added security to keep data protected.

Multi-Factor Authentication

As technology advances and hackers’ attacks evolve and become more sophisticated to take advantage of these advancements, using only a single authentication system, like a password, is no longer enough. This is where multi-factor authentication comes in. The goal is to add multiple layers of security to make it more difficult for unauthorized users to take over an account. Multi-Factor Authentication is a great technique because if one factor is compromised, an attacker still has one or two other barriers to get through before successfully breaking into the target. There are many different methods to do Multi-Factor Authentication, such as a password followed by text, email or PIN confirmation, or even biometric authentication (voice, fingerprint, etc.), which is gaining popularity as technology advances. At BOHH, we employ multi-factor authentication via voice authentication, fingerprint or sending code confirmation messages to your mobile phone or email for verification.
Each of these technologies has a critical place in companies’ security strategy; however, each is just one piece of the whole puzzle and should not be the only tool used to combat security threats. For security to keep pace with the evolving and complex attacks in today’s complex environment, there must be a more holistic approach when securing data by combining the various security solutions available. Now that we’ve highlighted some of the security techniques we are thankful for, come back next Tuesday when we will share some of our predictions for what lies ahead in 2018.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Forever 21 hack reveals payment card data

The clothing retailer says hackers compromised point of sale devices at stores for a good part of the year. Read more…

If you own a Google Home or Amazon Echo, you could be at risk

Remember BlueBorne, the vulnerability that allowed hackers to infiltrate an estimated 5 billion gadgets using only a Bluetooth connection? It’s estimated that 20 million Amazon Echo and Google Home devices were vulnerable to attacks via the BlueBorne exploit. Read more…
In our last post, we talked about the state of security for the Internet of Things (IoT) and how BOHH Labs’ approach brings more confidence to keeping these devices secure. This week, we will take a look at some of the most famous corporate data breaches to occur, and how BOHH could have prevented them.

Breach: Equifax (2017)

One of the biggest data breaches to dominate headlines recently is the Equifax breach. While it may not go down in history as one of the biggest breaches, it certainly made a big splash due to the sensitive nature of the data that was leaked. Over 143 million consumer records were exposed, and the information exposed included names, Social Security numbers, birth dates, addresses and in some cases, driver's license numbers. Due to poor network security and failure to update its software, hackers gained access to Equifax’s database through a web application vulnerability. While it was thought it was a US attack, its impact was global and affected Equifax customers and non-customers.
Type of Breach: Web Application Attack, leaving gaping holes in its network for hackers to exploit.

How BOHH Would Have Prevented It: Because BOHH’s service intercepts all data requests, it is able to stop malicious attacks on the back-end database. Each data request has to go through a validation process before it gains authorized access to the backend database. BOHH also uses a patented system so a user’s data request never has direct access to the network server. It can also check the return from the database, making sure only authorized information is returned.

Breach: Target (2013)

Though this breach took place several years ago, this is still one of the most famous breaches that has occurred due to the volume of people affected: it compromised millions of its customers’ credit card and debit card accounts. All it took for 70 million people to have their credentials stolen was changing one line in the source code of the payment processing system and voilà. Target was unaware of the redirection of credit card details for a significant period of time, which impacted their ability to resolve the issue and reduce the customer and finance impact.

Type of Breach: Phishing Attack, threat from unwanted access to a website, where changes are made to the website code enabling data to be re-routed/pushed to thief.

How BOHH Would Have Prevented It: BOHH prevents data from being re-routed through its patented block file system enabling full encryption of a website inside the firewall. When a user requests the website, BOHH goes to the server, and the AI engine pulls up the right blocks and decrypts them. It then puts the page together and passes it in memory to the web browser. This is without any direct access to the server from the requester, preventing phishing attacks and website changes to confidential data.
Breach: NSA Contractor Edward Snowden (2013)

One of the biggest intelligence leaks in US history took place thanks to an NSA contractor abusing his system administrator insider access to the database and confidential information.

Type of Breach: Insider Threat/System Administrator abusing internal control and weakness in security procedures to leak confidential information.

How BOHH Would Have Prevented It: With BOHH, each dataset is encrypted with dynamically allocated keys and no encryption keystore, making it impossible for any user (including database admin) to steal usable data. This means that even if an insider gets access to confidential information, it is unreadable because there is no way to hack the encryption key.

These are just a few of the many attacks that could have been prevented by BOHH’s innovative approach to security. Now that we’ve highlighted how BOHH could have helped prevent some of the most famous breaches around, come back next Tuesday when we take a look at some of the best security techniques being used to keep our data protected and give thanks in honor of Thanksgiving.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Fake WhatsApp app downloaded more than one million times

A fake version of the WhatsApp messenger app was downloaded more than a million times from the Google Play Store before it was removed. According to users, the fake contained ads and could download software to users' devices. Read more…

Senators Blast Equifax and Yahoo for Massive Data Breaches

Both Yahoo and Equifax took the stand this week to address the major customer data breaches that happened under their watch and what responsibility their companies had for the historic data breaches that saw billions of Americans' privacy compromised. Read more…

Approximately $280m worth of the cryptocurrency Ethereum has been frozen in time – and potentially lost forever – after an unidentified developer accidentally triggered a critical bug in a shared code library used by digital wallets maintained by Parity Technologies. Read more...

2.7M Verticalscope credentials compromised

The Canadian web forum manager Verticalscope has again been hacked with 2.7 million user accounts being affected this time. The latest incident takes place about one year after the company reported that 45 million user credentials had been compromised. Read more…
In our last post, we talked about the rise in popularity of chat bots and how BOHH supports the security of them. For this week’s installment, we will take a look at the state of security for the Internet of Things (IoT) and how BOHH Labs’ approach brings more confidence to keeping these devices secure.

Market analysts predict dramatic growth in the adoption of enterprise cloud services incorporating IoT technologies. In fact, Gartner predicts that more than half of major new business processes and systems will incorporate some element of the IoT by 2020. However, the world has already witnessed some of the consequences of the growing adoption of IoT with the likes of the infamous Mirai botnet that took major companies including Twitter, Amazon, PayPal and Netflix off the Internet. While this trend continues to gain popularity in updating companies’ strategies, the IoT industry continues to be a top challenge for security professionals working to keep those devices and networks safe. Some of the major challenges companies are faced with by integrating IoT applications include:
Many IoT products are designed with convenience in mind and don’t have the proper security measures built in at the design and product-development level, leaving them insecure from the start.
IoT devices often come with old or unpatched operating systems. Additionally, these systems often need frequent software updates to patch for vulnerabilities, and if users do not complete these, it opens the devices to risks.
Most IoT devices come with a default password that users don’t often change, making it easier for cybercriminals to hack these devices and easily hop on to a company’s network that the user is trying to connect with.
IoT devices communicate with your network, as well as multiple other outside systems and networks companies don’t have control over. This throws open the door to malicious attacks directly on the enterprise databases and applications accessed by these services.
Although the security industry has been talking about how to secure IoT devices for years now, there are still too many backdoors and insecure devices being used today. Unfortunately, with the rise in IoT networks comes a rise in security threats and questions about who is really at the other end of the connection. Companies’ digital strategies should not come at the expense of security.

At BOHH, we support the use of IoT devices while keeping the enterprise network safe by enabling a secure flow of all data traffic between these devices and the end enterprise services. We help enterprise networks stay better protected against attacks opened by IoT services by managing the whole data transaction process and working natively with the IoT devices to secure the messages that are passed back and forth between the requestor and the responder.

Our approach separates out the requestor from the request and securely allows the request, after AI validation, to navigate to whatever end-point is required. This leaves the requestor waiting until the response has been collected and checked before it is moved forward and returned to the requestor. Unlike other security approaches, our approach prevents a request from entering the network without being validated before it gains authorized access to a backend system or application. This approach enables BOHH to separate, recognize and maintain a secure connection to all relevant enterprise systems (i.e. the many different IoT devices and systems they connect with) and prevents any third parties from trying to hop on (piggyback onto) the connection and get to the backend database/application.

The use of IoT is here to stay, and is only predicted to grow, so it is more important than ever that new security is applied to enterprise networks to keep pace with innovation in enterprise IoT services.
Now that we’ve highlighted how BOHH helps enhance IoT security, check back in next Tuesday when we take a look at some of the most popular past breaches and how BOHH could have helped.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Hilton data breaches lead to $700,000 penalty
The attorneys general of New York and Vermont both announced today that their joint investigation into two Hilton data breaches has resulted in a $700,000 penalty and a promise to strengthen security. In all, over 363,000 credit card numbers were exposed. Read more…
Trump Organization didn't discover shadow subdomains with Russian IPs for four years
A series of shadow subdomains, all with Russian IP addresses and associated with malware campaigns, were created after hackers accessed the domain registration account of the Trump organization and likely went undiscovered until as recently as this week. Read more…

Unencrypted USB stick with 2.5GB of data detailing airport security found in street
An unencrypted USB flash drive detailing airport security and anti-terror measures was found on a street and sparked an investigation by Heathrow Airport. The USB stick, which contained 2.5GB of data, was neither encrypted nor required a password to access it, and contained 76 folders, packed with maps, documents and videos, even security measures to protect the Queen. Read more…

Malaysian data breach sees 46 million phone numbers leaked
A massive data breach has seen the customer data of more than 46 million mobile subscribers in Malaysia leaked on to the dark web. The leaked information includes mobile numbers, unique phone serial numbers, as well as home addresses. Read more…
In our last post, we looked at several ways companies can increase their potential to prevent data breaches. This week we will be addressing the rise in popularity of chat bots and how BOHH supports the security of them.

Bots (chat bots) are quickly becoming the interface of choice for many organizations and individuals (particularly the younger generation), as they are an invaluable way for people, computers and IoT devices to access and update information on demand. While bot technology has been around for some time now, there are several reasons why we are seeing a major uptick in their use.

First, the core technology that powers bots is improving dramatically and enables computers to process language and converse with humans in ways they never could before. The advancements in Artificial Intelligence (AI) and Natural Language Processing (NLP) are making it possible for bots to better understand users’ needs and how to fulfill them.

Additionally, the way we communicate has changed drastically – gone are the days when in-person visits, phone calls and even emails were the primary ways for companies to engage with customers. Instead, people today demand conversational (voice) rather than browsing (keyboard) services that integrate into their digitally connected lives and offer them 24/7 interaction from anywhere at any time.

One of the major appeals of bots for organizations is that they are a cheaper and faster way to reach and serve customers, and they offer more on-demand services that often result in cost savings and a more streamlined experience. Bots are not replacing customer service teams, but complementing them by improving customer satisfaction (Net Promoter Score) indicators. They also support organizations’ objectives of providing greater customer self-service, especially when users will make swifter decisions to move from one provider to another if customer service is poor.
As such, we are beginning to see a major uptick in companies integrating bot services into their business and customer engagement strategies. However, while bots offer many advantages, current bot solutions are NOT secure and leave a new door open to malicious attacks, as they provide direct access to an organization’s network, applications and databases. By not addressing these security implications, companies risk jeopardizing confidential data, as well as revenue, through malicious attacks.

At BOHH Labs, we believe that digital and technology advancements should not come at the expense of enterprise security. So, to help prevent attacks that are opened by bot services, BOHH’s approach to bots secures beyond what the market currently offers and ensures that the data request is validated before gaining authorized access to a backend system or application.

The BOHH Bot Security Service separates out the requestor from the request and securely allows the request to navigate to whatever end-point is required. This leaves the requestor waiting until the response has been collected and checked before it is moved forward and returned to the requestor. We do this in a number of ways, but mainly with our AI and NLP engines, which manage the data transaction process – the AI engine looks at and cleans any unwanted traffic, while the NLP engine takes the incoming message and determines where it should be sent – meaning the user can use plain text with no command languages. Together, these two technologies can separate, recognize and maintain a secure connection to many different systems and prevent any third parties from trying to hop on the connection and get to the backend database. All of this is done in real time (hundredths of a second), so there is no disruption to the user experience, just the confidence that their transaction/request is secure.
Now that we’ve highlighted why bot usage among companies is on the rise and how BOHH helps enhance bot security, check back in next Tuesday when we take a look at IoT security.