Friday 29 September 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Deloitte hit by data breach

Corporate finance giant Deloitte suffered a cyber-attack that compromised confidential data, including the private emails of some of its clients, the company has confirmed. Its system had been accessed via an email platform and "very few" clients had been affected, Deloitte said. Read more…

Russian hackers targeted election systems in 21 U.S. states

The Department of Homeland Security (DHS) finally notified election officials in 21 U.S. states about Russia trying to hack their election systems before the 2016 election. Read more…

Whole Foods Market Investigates Hack Attack

Upscale supermarket chain Whole Foods Market says it's investigating an apparent payment card data breach that affects facilities located in some of its stores, although none of its checkout lanes. Payment card data was stolen from taprooms and restaurants, the supermarket chain says. Read more…

Sonic hit with class action suit over POS data breach

Two Sonic Drive-In customers are taking legal action against Sonic for allowing their payment card data to possibly have been compromised when the fast-food chain's POS system was hacked and are demanding the company pay for credit monitoring services for those affected. Read more…


Tuesday 26 September 2017

The BOHH Breakdown, Part 4: The BOHH Security Solution in Action


In our last post, we talked about the philosophy behind our security approach. We believe actions speak louder than words, so today, we will offer a closer look at how our solution works in action and set the scene for a real-life example of how our security can fit into today’s business operations.

Using the sample manufacturing IoT example below, we will show how BOHH enables users to search securely across multiple databases and repositories using voice and text commands to find information quickly, enhancing workflow and saving time and money.

Combining our BOHH Labs Secure Federated Search application with our Secure BOHH(T) Bot application, running through SAP HANA Express and Google Cloud Platform, we will show how users can not only find data and documents in a secure way off their cloud services, but also ask the devices they are working on to find and return the specific information they are looking for in real-time.

The IoT Manufacturing Scenario

For this scenario, we follow an engineer, Bobby, on a monthly maintenance visit to an oilrig in the Gulf of Mexico. He performs maintenance on a mechanical device using a hand-held device from Samsung that gives him hands-free access to all the data needed to deliver maintenance on a device that needs service in real-time. Previously, Bobby used a ruggedized laptop or tablet, which needed space to open and sit securely during his maintenance visit, which is often in an area with confined/limited space.

  1. Before starting the maintenance service, Bobby connects to the BOHH Labs application onsite at the oilrig, and using the equipment serial number, asks BOHH to find a drawing of the equipment document repository so he can see the exact location of the part that needs service, as well as the data from the last person who serviced the part and what service was completed. 
  2. BOHH securely accesses the maintenance databases, the sensor database, stock inventory etc. in real-time and returns the requested data to Bobby using a patented encryption method and AI technology to manage ports, maintain a secure connection and interact with the user’s requests.
  3. Now that Bobby has received the repository document and knows exactly where the part is located and what service has previously been done to it, he can begin his maintenance check. He can also continue to ask BOHH to connect him with information needed throughout the servicing of the device until it is completed.
  4. After the servicing is completed, Bobby communicates with the BOHH application and provides an update on what service he did, which automatically goes back into the database to record the service.
  5. Based on the work he performed, Bobby also orders a replacement part directly through the stock inventory app while onsite for pick up at the local depot, avoiding future wasted maintenance visits elsewhere. 

Using BOHH, Bobby does all of this in real-time – eliminating time wasted looking for data before and at the site. More importantly, because parts are ordered proactively, BOHH enables the oilrig to minimize business disruption through lost production time.

This example highlights how BOHH can streamline tasks that require real-time data access and streamline workflow without the worry of third-party intervention and hacking, time wasted looking for data or even loss of data altogether.

BOHH was recently announced as a winner of the Intelligent App Challenge, sponsored by SAP & Google Cloud, based on our secure voice-activated search solution documented above. 

To see a demo of the above scenario on how BOHH Labs’ app works, click here.

This week we are attending and participating in SAP TechEd 2017, and we will be offering demos throughout the event. If you would like to learn more on how our technology works, you can also visit us at www.bohh.io for more information.

Now that we’ve taken a deeper dive into how BOHH’s solution can not only fit into a real-life business operation workflow, but also improve the security, transport and access of data, check back in next Tuesday to learn more on how BOHH enhances productivity with ease of implementation.

Friday 22 September 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

NotPetya cyber attack on TNT Express cost FedEx $300m

Falling victim to the Petya cyber attack cost FedEx around $300m during the last quarter of the financial year, the company has revealed in its latest earnings report. Operations of FedEx's TNT Express unit in Europe were disrupted by the attack and the company previously warned that the financial cost of the incident was likely to be significant. Read more…


Equifax hackers likely in network since March


It took Equifax 141 days to discover a breach that exposed the data of 143 million U.S. consumers with hackers likely accessing the credit monitoring firm's systems in March, a full two months before Equifax originally said they did. Read more…

Hackers May Have Traded on Stolen SEC Data

The chairman of the U.S. Securities and Exchange Commission will face a Senate committee next week following the agency's disclosure that hackers pulled secret market data from its systems and possibly used it to conduct trades. Read more…

CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft

The backdoor discovered in Avast's CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco. When Cisco Talos and Morphisec discovered a version of Avast CCleaner had been compromised to deliver malware, it was bad enough to learn millions of endpoints were threatened. Now, security experts say the attackers had espionage in mind. Read more…

Wednesday 20 September 2017

SAP+Google Cloud Intelligent App Challenge Winner, BOHH Labs Delivers Security of Data Transit and Access



At BOHH Labs, we are excited to announce that our secure app solution was selected as a winner of the Intelligent App Challenge, sponsored by SAP & Google Cloud. We are honored to be selected from hundreds of challenge registrants and recognized for our emerging solution that is based on some of today’s most innovative technologies including the use of SAP HANA Express Edition, Google Cloud Platform, Machine Learning, Artificial Intelligence and encryption to address the security of data transport and access for Cloud and Internet of Things (IoT) streamline workflows.

As part of our submission for the Intelligent App Challenge, we demonstrated how our app enables users to search securely across multiple databases and repositories using voice and text commands to find information quickly in real-time.

We combined our BOHH Labs Secure Federated Search application with our Secure BOHH(T) Bot application, running through SAP HANA and Google Cloud Platform, to enable users to not only find data and documents in a secure way off their cloud services (in this case Google Drive), but also to ask the devices they are working on to find and return specific information they are looking for in real-time.

For the challenge, we highlighted how our technology works using an IoT scenario for maintenance on a mechanical device using a hand-held device from Samsung that allows an engineer hands-free ability to access all the data needed to deliver maintenance on a device that needs service in real-time. Before starting the maintenance service, the engineer onsite connects to the BOHH Labs application and asks BOHH to find a drawing of the equipment document repository so he can see the exact location of the part that needs service, as well as the data from the last person who serviced the part and what service was completed. BOHH securely accesses the maintenance databases, the sensor database, stock inventory etc. in real-time and returns the requested data using a patented encryption method and AI technology to manage ports, maintain a secure connection and interact with user requests.

The engineer can continue to ask BOHH to connect him with information needed throughout the servicing of the device until it is completed. After the servicing is completed, the engineer can communicate with the BOHH application and provide an update on what service he did and it will automatically go directly back into the database to record the service.

This example highlights how BOHH can streamline tasks that require real-time data access and streamline workflow without the worry of third-party intervention and hacking, time wasted looking for data or even loss of data altogether. To see a demo of the above scenario on how BOHH Labs’ app works, click here.

If you would like to learn more about BOHH Labs, we are attending and participating in SAP TechEd 2017 and look forward to speaking to you more on how our technology works. You can also visit us at www.bohh.io for more information.


Tuesday 19 September 2017

The BOHH Breakdown Part 3: The Philosophy Behind Our Data Security Approach



In the last post, we talked about why BOHH Labs is the next step in securing your organization. Today, we will be discussing the philosophy behind our security approach and how our approach provides greater security than other existing technologies.

Our security approach is built on four principles that we believe are important to adhere to:

  • Usability. The result must be practical and usable, not just another thesis based on theoretical knowledge.
  • Practical. The outcome must be able to be put into practical use without too much disturbance to existing systems, while leveraging existing database investments.
  • Ownership. The data we were looking to protect initially was usernames, passwords, address details, etc. In other words, data that belongs to us as individuals. So, we set out to make sure that the data not only belonged to us as users and individuals, but that we as individuals were also responsible for its safekeeping. It is not that we wanted to pass the onus of protection away from the organization charged with storing the data, but that the organization should not be held responsible for the misuse of the data, and it should not be able to access the raw data that a user has requested be made anonymous.
  • Accessible. From the outset, we decided that having data secured was useless, unless it was also accessible to the data owner. This meant that one of our main goals was to make sure that this data was also searchable.

With these four main points as our foundation, we started looking at how BOHH could improve the entire approach to data security. Our first focus was to address how hacks on data were being carried out. There are a lot of different scenarios, and at the time we were not looking to protect data from every single one, but we were interested in what made it possible for an unauthorized person, or an authorized person with bad intentions, not just to extract the data but also to render what was seen as encrypted data into readable and usable text. This was the most important question to be answered, and its answer would give us our starting point.

How BOHH Works

With the driving force centered around what made it possible for unauthorized users to get access to “secure” data and use it for exploits, we developed a unique formula using encryption and Artificial Intelligence technologies to protect data and infrastructures from within and invalidate data when accessed by unauthorized users, rendering it useless to the unauthorized party. How does this work?


  1. BOHH cuts off the request from its originator as it enters the system
  2. BOHH then creates a session of containerized encrypted memory
  3. BOHH ensures that the requestor never accesses the end-point applications
  4. BOHH uniquely utilizes AI within the containers to learn from and then remove fraudulent access 

This process keeps our core focus on protecting the data itself, which enables BOHH to protect data no matter where it is being stored, accessed or transacted, such as in on-premise databases, cloud platforms, IoT devices, mobile services and more. In future blogs, we will address further how our technology protects data in these different areas.

Data is increasingly a critical part of businesses’ and consumers’ lives; thus, it’s essential to protect data. Once trust has been broken, it impacts an organization’s profitability with potential data breach fines, brings reputational risk, and, more importantly, damages user/consumer confidence in the impacted organization.

Despite these known impacts, enterprise security continues to be a major challenge for organizations. BOHH Labs offers a new approach to help minimize business risk and disruption. BOHH’s security platform presents a significant opportunity for enterprise customers to leverage existing infrastructure investments to enhance their security strategy, while being confident that their assets (confidential and customer information) are safe against the imminent threat of attack.

Now that we’ve addressed how BOHH Labs approaches data security, come back next Tuesday, when we will take a deeper dive into how BOHH is putting its security to use with a real-life, IoT scenario.


Friday 15 September 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Billions of Bluetooth devices vulnerable to takeovers, MITM attacks; no user action required

Billions of Bluetooth devices, including those running on Android, iOS, Linux, and Windows, contain major vulnerabilities that can allow malicious actors to remotely execute code, take over devices, and perform man-in-the-middle (MITM) attacks, researchers have reported. Read more…


Equifax confirms Apache Struts security flaw it failed to patch is to blame for hack

Equifax has confirmed that a web server vulnerability in Apache Struts that it failed to patch months ago was to blame for the data breach that affected 143 million consumers. Read more…

FA to increase World Cup cyber security over hacking concerns

The English Football Association will increase cyber security for the 2018 World Cup in Russia after hacking attacks by a group suspected of links to a Russian spy agency, media reports said. Read more…

Apple explains Face ID on-stage failure

Apple has explained why its new facial recognition feature failed to unlock a handset at an on-stage demo at the iPhone X's launch on Tuesday. The company blamed the Face ID glitch on a lockout mechanism triggered by staff members moving the device ahead of its unveil. Read more…



Tuesday 12 September 2017

The BOHH Breakdown, Part 2: Why BOHH Labs is The Next Step in Securing Your Organization


Last week, in our first installment of the BOHH Breakdown, we talked about the increasingly complex world of cyber warfare and outlined the need for the industry to rethink the entire approach to protecting data. Today, we will be addressing how and why BOHH Labs is the next step in securing your organization’s data and networks and mitigating the new wave of cyber warfare, while still enabling business productivity and innovation to flourish.

Based on customer demand, business is continually moving towards offering on-demand and digital services, which is enabling trusted interactions between human entities (individuals, communities, enterprises and governments) over multiple channels (mobile networks, the Internet, call centers, face-to-face and others). However, as we discussed last week, the sheer number of methods deployed to carry out cyberattacks, their complex nature, sophistication, and evolving character have made it difficult for institutions to stay protected and keep company and customer data safe across all these channels. Add in the fact that most organizations are adopting digital strategies to increase business productivity while meeting consumer demands, and this leaves most companies in a catch-22 and a constant battle for the balance between security, productivity and innovation.

Here enters BOHH Labs. We offer a suite of patented and proven solutions that enable organizations to help minimize risk and disruption to business and innovation.

Security:

BOHH Labs’ security solution was built on making data privacy a priority. Our approach to security is to become more dynamic within the existing system and protect data from within. Our security approach focuses on on-premise and Cloud data security, as well as ensuring the secure transport of data in real-time. We do this using unique encryption algorithms and our own AI security platform that acts as a first line of defense against internal and external intrusion. We encrypt all data in real-time, while only providing access to data to authorized parties. Unlike other security solutions, even in the unlikely event of an unauthorized user accessing data, data protected by BOHH Labs is rendered unusable for that actor. Our patented, unique encryption algorithms are proven to secure data with no key store or data storage, enabling us to help organizations mitigate data breaches and any associated penalties. In future blogs, we will address further how our technology protects data in on-premise databases, as well as with interaction on all Cloud, mobile and IoT devices.

Productivity:

While we believe it is invaluable to keep data protected, it also serves no benefit to keep it protected if it is not accessible. BOHH Labs offers a patented, secure federated search that provides users the ability to access data and content securely from anywhere, while still fully encrypted with document-level encryption at rest and in transit for storage and sharing on any device or desktop. Our search enables one request to perform a simultaneous search of your desktop, email, cloud stores and databases in real-time to return results in under a millisecond. This eliminates the worry of third-party intervention and hacking, time wasted looking for data or even loss of data altogether.

Innovation:

Today’s customers demand voice access to their data, rather than simply browsing services, to integrate with their digitally connected lives both at work and home. However, with these voice-activated digital services as the primary access channels for users comes an increased threat of cyberattacks. Built on our security approach outlined above, BOHH offers companies a level of flexibility that enables innovation through our unique Secure BOHH Bot. Our bot is an Artificial Intelligence (AI) voice and messaging interface that delivers seamless and secure transaction of all incoming and outgoing customer data requests in real-time without compromising performance, customer experience or customer accessibility. This allows companies to provide a safe and secure method to offer digital services to their connected customers and give them 24/7 communication regarding their account information from anywhere on any device.

The balance and business decision-making between security, productivity, and innovation is becoming increasingly challenging for organizations in 2017. With the BOHH Labs suite of solutions, we can help companies minimize business risk and disruption while innovating secure digital products for their customers. 

Now that we’ve addressed how BOHH Labs enables organizations to prioritize security without jeopardizing innovation, come back next Tuesday, when we will take a deeper dive into BOHH’s security and the philosophy behind our approach.

Tuesday 5 September 2017

The BOHH Breakdown, Part 1: How to Get Closer to a Cure for Cyber Hacks


In the first installment of the BOHH Breakdown series, BOHH Labs’ CEO and search and security expert, Simon Bain, outlines the steps needed for the industry to prepare for the increasingly complex world of cyber warfare.


The incidents of cybercrime continue to rise every day at alarming rates. As ransomware, fraud, Point-of-Sale, phishing, keylogging, and malware-based attacks and more continue to gain traction, organizations are at increased risk of enduring costly hacks that grow more intricate and difficult to prevent each day.

Even though organizations have the industry’s best solutions (firewalls, VPNs, SSL certificates, encryption, and authentication policies), we still see on a daily basis that millions, and in some cases billions, of records (for example, consumer information, money, and private personal details) are stolen from these so-called secure systems.

So how do we go about fixing this?


Diagnosing the Problem

What’s wrong with cybersecurity today? Currently, most security solutions are merely analyses of the network that assess network holes and system weaknesses without patching or offering fixes. Simply put, the main focus and financial investment is on support for early detection and minimizing the impact of attacks; however, this does not address the root of the problem. 

In essence, it’s like getting a diagnosis from your doctor without receiving any guidance on treatments: “We noticed that you’re sick and the operation will be costly. Good luck.”

Immunizing the Disease 

Detecting security weaknesses is not enough to keep hackers, bent on stealing resources and consumer funds and information, from winning. 

Security systems need to evolve automatically with each new call; they need to be able to react to situations, like how the human immune system reacts to an incoming disease – much like an immunization can react when germs enter the body, rather than creating feeble and unrealistic goals to prevent the germs spreading disease in the first place. 

Similarly, data must be protected from within. It is up to organizations to try preventive measures initially, to stop the disease – in this case the hack – in the first place and to protect consumer data before there’s a threat.

Rebuilding the “System”

The first step the industry needs to take: Rethink the entire approach to protecting data.

Instead of only securing the network from the outside in, the focus must turn to tools securing the network inside out. This starts by turning a critical eye to the shortcomings of current solutions.

  • Firewalls help with external hacks, but cannot defend against internal ones and other sophisticated attacks.
  • Database encryption, perhaps among the most buzzed about solutions today, is also among the most insecure methods in use.
  • VPNs vary in effectiveness and are only as good as the users’ knowledge of protocols, public Wi-Fi and password management.
  • Two-Factor Authentication: Though this may seem more secure than just having a password, two-factor authentication technologies actually face many of the same risks as password-driven systems.
  • SSL Certificates: Too often people think simply using SSL certificates protects them from all web security vulnerabilities. While SSL certificates offer an encrypted connection between the client and server, many servers are badly configured and often expose data instead of securing it.

Current technologies still have a part to play in security, but they remain unreliable in a vacuum without addressing their vulnerabilities in the first place.

Creating a Collaborative “Vaccine”

Improving security in 2017 requires industry collaboration. With all the detection solutions being employed currently, organizations must share the insights they learn during the nearly constant stream of hacks they face daily. 

Take virus protection – everyone shares that information publicly and within a few hours the virus is dead. Most organizations do not want to disclose to the public incidents of breaches for fear of damage to their reputation and customer loyalty, but without open communication organizations are not making progress when it comes to security analysis and preventing future hacks. 

While some organizations have started to unite behind closed doors and there are industry regulations emerging on how and when to report a breach, the industry as a whole needs to create a knowledge-sharing standard. The reality is that most hackers collaborate, so organizations should too.

If industry wants to take steps in improving security in 2017, we must reevaluate the approach and commit to investing in security by viewing it as an integral part of an organization’s livelihood and not just a routine, integrated process. 

Now that we’ve addressed how the industry can get closer to a cure, come back next Tuesday, when we will share with you how BOHH Labs is the way forward to secure organizations in the new wave of cyber warfare. 

Friday 1 September 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Two million customer records pillaged in IT souk CeX hack attack

Second-hand electronics dealership CeX says two million customers may have had their personal information swiped by hackers. Several Reg readers dropped us a line after receiving an email from the Brit biz that informed them their personal details including first name, surname, address, email address and phone number had been illegally accessed by miscreants. Read more…

Trump's cybersecurity advisors resign en masse

Another Trump panel has taken a hit after eight out of 28 of its members resigned en masse. Members of the National Infrastructure Advisory Council (NIAC), which advises Homeland Security on matters of cybersecurity, have dropped out of the panel due to several reasons. In the resignation letter obtained by NextGov, they said the president doesn't give enough attention to the country's cyber vulnerabilities. Read more…

Hurricane Harvey scammers use disaster as phishing bait

As Hurricane Harvey continues to devastate southeast Texas, scammers are taking advantage of the catastrophe by sending phishing emails that can steal sensitive information or infect targeted machines, according to a new warning from US-CERT. Read more…


FBI/IRS-Themed Email Scam Spreads Ransomware

A phishing scam that uses fake FBI and Internal Revenue Service emblems in emails is circulating and attempting to entice users to download ransomware, the IRS warned this week. Read more…