In our last post, we looked at several ways companies can increase their potential to prevent data breaches. This week will be addressing the rise in popularity of chat bots and how BOHH supports the security of them.
Bots (chat bots) are quickly becoming the interface of choice for many organizations and individuals (particularly the younger generation), as they are an invaluable way that people, computers and IoT devices can access and update information on demand.
While bot technology has been around for some time now, there are several reasons why we are seeing a major uptick in their use.
First, the core technology that powers bots is improving dramatically and enables computers to process language and converse with humans in ways they never could before. The advancements in Artificial Intelligence (AI) and Natural Language Processing (NLP) is making it possible for bots to better understand users’ needs and how to complete them.
Additionally, the way we communicate has changed drastically – gone are the days where in-person visits, phone calls and even emails are the primary services for companies to engage with customers. Instead, people today demand conversational (voice) rather than browsing (keyboard) services that integrate into their digitally connected lives and offer them 24/7 interaction from anywhere at any time. One of the major appeals of bots for organizations is that they are a cheaper and faster method to serve and reach their customers like never before and offer more on-demand services that often results in cost savings for a more streamlined experience. Bots are not replacing customer services teams, but complimenting them by improving customer satisfaction (Net Promoter Score) indicators. It also supports organizations’ objectives of providing greater customer self-service, especially when user’s will make swifter decisions to move from one provider to another if customer service is poor.
As such, we are beginning to see a major uptick in companies integrating bots services into their business and customer engagement strategies. However, while bots offer many advantages, current bot solutions are NOT secure and leave a new door open to malicious attacks as they provide direct access to an organizations’ network, applications and databases.
By not addressing these security implications, companies are at risk of jeopardizing confidential data, as well as revenue from malicious attacks. At BOHH Labs, we believe that digital and technology advancements should not come at the expense of enterprise security. So, to help prevent attacks that are opened from bot services, BOHH’s approach to bots secures beyond what the market currently offers today, and ensures that the data request is validated before gaining authorized access to a backend system or application. The BOHH Bot Security Service separates out the requestor from the request and securely allows the request to navigate to whatever end-point is required. This leaves the requestor waiting until the response has been collected and checked before moving it forward and returning the request to the requestor.
We do this in a number of ways, but mainly with our AI and NLP engines, which manage the data transaction process – the AI engine looks at and cleans any unwanted traffic, while the NLP engine takes the incoming message and determines where it should be sent – meaning the user can use plain text with no command languages. Together, these two technologies can separate, recognize and maintain a secure connection to many different systems and prevent any third parties from trying to hop on the connection and get to the backend database.
All of this is done in real time (hundredths of a second), so there is no disruption to the user experience, just the confidence that their transaction/request is secure.
Now that we’ve highlighted why bots usage among companies is on the rise and how BOHH helps enhance bot security, check back in next Tuesday when we take a look at IoT security.
I
n our last post, we revisited some of the most pressing cybersecurity trends in 2017 and tracked where the industry is at as the end of the year nears. Today, we will address an important subject: breaches and how many of them can be prevented.
This year has seen its fair share of major breaches – from WannaCry and Petya to Equifax and the recent Deloitte email server hack. All these breaches have something in common – and it is not just the fact that millions of records were exposed – they all could have been prevented or greatly reduced by simple patches and software updates.
Unfortunately, these are just a few of the attacks that could have been prevented by simply updating software systems and vulnerabilities. While security is no easy feat, it is becoming too common that many breaches are occurring due to companies’ negligence caused by failure to update software components that are known to be vulnerable for months or even years.
There is no excuse for breaches when there are known security updates available to fix the vulnerabilities. A large part of the issue today is that companies have not been prioritizing these fixes and other security solutions. Below are several recommendations from BOHH Labs that companies can employ to help bring better tools to their security strategy.
Update old systems and Implement Security Patches
Businesses often ignore server patches or updates until they encounter issues. When this happens, hackers use malware and other type of attacks to exploit these holes and get into your system. Because Software systems are constantly evolving, security updates and patches are commonly released to keep up with software improvements. Often, these patches come with instructions to make the updates and failure integrate these into your system can lead to vulnerability and allow hackers to gain access company and customer data.
Implement a Zero Trust Model
In today’s complex cyber world, there is no longer any trust in security. It is clear there are no longer a trusted and an untrusted engagement on our security devices, on our networks or even users. It is time companies eliminate the idea of a trusted network and start implementing a zero-trust model approach that views all users and network traffic as untrusted that must be verified and enforce strict access control. At BOHH Labs, we have embraced the Zero Trust Model into our security approach and prevent unauthorized third-party interaction with all data traffic by a keyless encryption algorithm that automatically invalidates data when accessed by unauthorized users, rendering it useless to the unauthorized party.
Break the Data Request for Better Security
Following off the concept of the Zero Trust Model, it is important not to assume that every data request that comes in is from a trusted source. As such, a user’s data request should never have direct access to the network server as there could be malicious attackers who have jumped on to the connection to get entrance into your system. One way to help prevent this situation is to break every data request before it goes into your network. At BOHH, we employ this technique and when a data request comes in to the company network, the BOHH security appliance receives the request first and decrypts the request before passing it through, knocking out any other requests trying to hop on the original request and get into the network.
Encrypt End-to-End
Encryption is a great tool to help keep data protected, but if the data is not encrypted from end-to-end in the transaction process, it leaves an opening for hackers to get access to that data once they have penetrated your system. At BOHH, we believe the parties at the two ends of the data message – the sender and requester – should only have access to that data message. At BOHH, we use keyless encryption from end-to-end to ensure all connections to backend assets reveal no infrastructure details to an attacker as to location of firewall, keystore, database, or other assets if they find a way in to the network. End-to-end encryption is key to keeping data encrypted, without any possibility of decrypting, even at the sever level.
There is no sign of hackers and attacks against companies stopping any time soon but these are a few tools companies can use to help stay better protected from tomorrow’s breach.
Now that we’ve highlighted some ways companies can increase their potential to prevent data breaches, check back in next Tuesday when we take a dive in to the world of bots and how they can be used to securely.
In our last post, we talked about how BOHH Labs can help companies with GDPR compliance. Today we will revisit some of the most pressing cybersecurity trends in 2017 we cited at the beginning of the year and track where the industry is at as the end of the year nears.
In a previous post at the beginning of 2017, we outlined the top predictions for what’s to come in 2017 in the security industry. Below are several trends that were identified to watch closely throughout the year and in this post, we will track any major developments the industry has seen up to this point.
Ransomware: Ransomware gained popularity among many cybercriminals this year since they know most organizations would rather pay the ransom fee to get their data back rather than admit there had been a breach or stop operations while they are being exploited. According to the 2017 Verizon Data Breach Report (DBIR), ransomware is now the fifth most common attack type. One of the most notable ransomware attacks this year was NotPetya, which resulted in major monetary loss for many companies, including FedEx which estimates ransomware attack cost $300 million.
Mobile security: Despite the popularity and norm of mobile devices and BYOD strategies accepted as standard in today’s enterprise model, there is still huge concern around security. In fact, it has been found that many of today’s top enterprise apps that people use, including Uber, WhatsApp Messenger and Facebook Messenger for Android, present the most risk to enterprise data. In fact, Skycure reports that 21% of organizations have traced a data breach to their BYOD program.
Security of Internet of Things devices: There is constant talk about the impact the Internet of Things and how the connected world can improve both our personal and professional lives, but these devices also bring a host of security issues and 2017 is evidence of this. For instance, according to Fortinet's Threat Landscape Report for the second quarter of 2017, 90% of organizations recorded attacks that targeted system and device vulnerabilities that were at least three years old, even though updates and patches had long been available.
Challenges in the cybersecurity workforce: Conversations about a global shortage of cybersecurity professionals and the specialized skills needed have dominated in 2017, and not much has changed thus far. There is still a shortage of cybersecurity professionals in the workforce but a study from Dimensional Research, examined how organizations are addressing a growing cybersecurity skills gap. Some of the findings to keep the skills gap at bay in the future include 98% of respondents expect other functions like non-security teams to be more involved in cybersecurity moving forward, as well as 96% percent of respondents believe that automation will play a role in solving the skills gap in the future.
As the end of 2017 nears, it has become evident that 2017 has been an eventful year. Now that we’ve checked back in on the major security trends in 2017 to watch, check back in next Tuesday when we talk about some things on how some breaches can be preventable.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.
Hyatt Hotels Suffers International Payment Card Data Breach
For the second time since 2015, Hyatt Hotels has suffered a breach of customers' payment card data due to attackers infecting its systems with malware. Read more…
Equifax website borked again, this time to redirect to fake Flash update
In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and other details for 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers. Read more…Read More...
Accentuate the negative: Accenture exposes data related to its enterprise cloud platform
Another company has mistakenly exposed its sensitive internal information after storing data on misconfigured cloud-based servers from Amazon Web Services. The culprit in this case – the $32.9 billion consulting and professional services company Accenture – was found to be insecurely storing data that, ironically, has to do with its own cloud-based enterprise solution, the Accenture Cloud Platform. Read more…
Hundreds of Fake iPhone Accounts Spread Social Scams
Security experts have warned users not to fall for scams and malicious content being spread by hundreds of fake iPhone social media accounts set up to capitalize on Apple’s latest smartphone release. Read more…
In our last post, we talked about how the ease of implementation when integrating a new cybersecurity tool into your existing infrastructure network can help enhance productivity. Today we will address a situation many companies are facing and trying to beat the clock on: how to comply with GDPR regulations and how BOHH Labs’ security solutions can help organizations successfully address many of the requirements.
The General Data Protection Regulation (GDPR) is the biggest change to European Union (EU) privacy law in over 20 years, and it will have a major impact on how many organizations in the EU and across the globe collect, use, and store personal information about individuals. Although greater data protection is becoming more important than ever, the burden of updating security polices and strategies for organizations to comply with GDPR can be overwhelming and take a considerable amount of time and resources. As the deadline for complete GDPR compliance in May 2018 nears, many companies are scrambling to find solutions and make updates that meet the requirements.
BOHH Labs’ security solution was built on making data privacy a priority, so we are confident that our security solution will help organizations successfully address GDPR requirements. Our approach to security is to become more dynamic within the existing system and protect data from within. While our security approach focuses on on-premise and Cloud data security, the concept of securing and managing data in certain domains has many parallels with GDPR regulations.
How we do this?
Unique Encryption
Our approach to security is to encrypt all data in real-time, while still retaining search capabilities, but only providing access to data to authorized parties. Our patented, unique encryption algorithms are proven to secure with no key store or data storage, enabling us to help organizations mitigate data breaches and any associated penalties.
Data Records
BOHH Labs’ proven security platform helps companies to maintain data records and audit data is available if required (although as part of our data privacy philosophy, we don’t keep historic data today, but it can be stored within an enterprise database).
Infrastructure Agnostic
Our appliance is infrastructure agnostic and is deployed on top of existing systems between the infrastructure, firewalls and transactions with both Cloud and on-premise implementations, so there is automatic backend data protection as data goes in and out of the entire ecosystem.
Data Masking
GDPR punishes businesses that fail to leverage appropriate protection measures – such as data masking technologies—as a part of their overall security posture. Data masking enables companies to fulfill GDPR requirements to pseudonymize (anonymize) sensitive data that otherwise could directly or even indirectly identify a specific individual. BOHH’s encryption capability helps companies to protect/mask data from unauthorized users.
Right to Access
GDPR also introduces the right for data subjects to obtain from the data controller confirmation as to whether personal data concerning them is being processed, where and for what purpose. This means companies must be able to find and produce a copy of an individual’s data quickly among the millions of data they hold. BOHH Labs helps solve this with its patented, secure federated search that enables for one request to perform a simultaneous search across multiple repositories in real-time to return results in under a millisecond.
As organizations work toward implementing strategies to be compliant with GDPR, BOHH Labs is here to help companies focus on data privacy and provide a simple and quick solution to successfully meet many of the requirements. For more information on how BOHH Labs can help with compliance, reach out to us at info@bohh.io.
Now that we’ve looked at how BOHH Labs’ security solution can help organizations successfully address GDPR requirements, check back in next Tuesday when we will revisit some of the most pressing cybersecurity trends in 2017 we cited at the beginning of the year and track where the industry is at as the end of the year nears.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.
Yahoo now thinks all 3B accounts were impacted by 2013 breach, not 1B as thought
Internet giant Yahoo’s massive 2013 security breach has dealt the company yet another blow. The company now believes that all of its three billion accounts were impacted, not 1 billion as it previously thought. This will include all people who have Yahoo emails, and all people who had registered for any other Yahoo service like Flickr or fantasy sports. Read more…
Equifax twice missed finding Apache Struts vulnerability allowing breach to happen
Former Equifax CEO and Chairman Richard Smith sat before a house committee to address his actions during the period when his company exposed the personal information of 145.5 million people. The most eye-opening testimony he gave surrounded the fact that Equifax learned of the Apache Struts vulnerability from U.S. CERT and then twice searched for any issues in its networks coming up empty each time and thus allowing the flaw to remain unpatched in its Consumer Dispute Portal. Read more…
Severe flaws in DNS app create hacking risk for routers, smartphones, computers, IoT
Google researchers disclosed seven serious flaws in an open-source DNS software package Dnsmasq, which is is commonly preinstalled on routers, servers, smartphones, IoT devices and operating systems such the Linux distributions Ubuntu and Debian. The most severe of the vulnerabilities could be remotely exploited to run malicious code and hijack the device. Read more…
Net neutrality debate 'controlled by bots'
More than 80% of the comments submitted to a US regulator on the future of net neutrality came from bots, according to researchers. Data analytics company Gravwell said only 17.4% of the comments were unique. Most of the 22 million comments submitted to the Federal Communications Commission over the summer had been against net neutrality, it suggested. Read more...
In our last post, we outlined an IoT scenario to highlight how BOHH’s solution can not only fit in to a real-life business operation workflow, but also improve the security, transport and access of data. Today, we will address an area that often gets overlooked in our era of nonstop attacks and breaches - the ease of implementation when integrating a new cyber security tool into your existing infrastructure network.
As cybersecurity continues to be top of mind for organizations and its executives, most of the conversation has surrounded how to keep information safe from threats and hackers and which cybersecurity solution will be used; while these are important aspects to consider, there is often not as much attention given to how cybersecurity products will actually fit in to a company’s network and infrastructure.
It is important to note that when companies are ready to introduce a new security solution or product in to their network, research and pricing estimates need to be considered on the entire network system, not just the product. Some of the questions that need be researched and answered include:
- Our company has already invested heavily in other solutions, will this make those investments useless?
- Do I need to overhaul my infrastructure to integrate this new product?
- Will I need to bring in additional equipment and/or staff to integrate this product?
- Will this create downtime and pause workflow to put this product into my system? Will that take days? Weeks? Months?
- Will this new product have legacy issues?
By not addressing these considerations ahead of time, companies are at risk of losing business productivity – both time and money.
At BOHH Labs, we believe that enhanced security should not come at the expense of enterprise productivity.
As a software and infrastructure agnostic appliance, BOHH’s security solution is easily deployed on top of the existing enterprise system between the infrastructure and firewall to protect data without impacting performance or hindering the core role of the system it defends. Because our solution leverages existing infrastructure investments, we enable companies to maximize ROI, and eliminate overhaul of the infrastructure, overhead in terms of equipment or staff, and downtime to implement or lag time on the disparate underlying system, which reduces disruption to business production and workflow. Additionally, our solution allows companies to rapidly upgrade existing legacy infrastructure to provide secure cloud services without loss of security, access or speed as there is no need for data migration.
In fact, once the application is implemented, there is no other work needed to keep it running and protecting your data or future upgrades. This means zero compromise to
By ensuring easy implementation of our solution, we help reduce both direct and indirect costs resulting from business disruption, as well as financial loss due to downtime or disruption to customer accessibility and experience. Additionally depending on the security solution deployed we can help meet Regulatory Compliance such as elements of GDPR.
Now that we’ve taken a deeper dive into how BOHH’s solution can seamlessly fit in to existing infrastructures enabling businesses to enhance productivity and maximize ROI, come back next Tuesday to address a situation a majority of companies are facing: how to comply with GDPR regulations and integrate news tools to meet the data security requirements. We will address how BOHH Labs’ security solution can help organizations successfully address GDPR requirements.
