Tuesday 28 November 2017

The BOHH Breakdown, Part 13: BOHH Predicts the Top Security Trends for 2018


In our last post, we reviewed some of the best security techniques being used to keep our data protected and that we are grateful for in honor of Thanksgiving. Today, we will shed some light on what the team at BOHH Labs believes will be the hot topics in 2018 and share our predictions.

Every year experts turn to their magic crystal ball and share their predictions for the upcoming year. Will we see the same trends from 2017 repeat themselves, or will we see new ones develop in 2018? Below, our experts from BOHH Labs weigh in on the discussion and offer their predictions for what’s ahead.

Blockchain will be the Heart of The Finance Industry:
It’s no secret that blockchain is the hot new technology, and we will see this technology be embraced predominantly by the financial industry. Because of its decentralized and distributed nature, more financial services institutions are looking at blockchain to replace the centralized business model. As an example, KPMG, one of the “Big Four” accounting firms, recently joined the Blockchain Advocacy Group.

Bitcoin is based around blockchain technology, and it has seen significant growth in value during 2017 even though it’s an unregulated currency. Will it continue to increase when security is a potential issue, or will it fall off the tracks?


NASDAQ Advising People to Jump on Security Boards:

We all know security breaches are a big deal, so why aren’t more boards of directors versed in the area? As the board oversees an organization’s value and growth, it’s critical for security to become a business priority and an integral part of the organization’s daily operations. This means a company’s cybersecurity activities must hold as much weight in decision-making as its financial ones. As such, in 2018, we will see NASDAQ advise more security experts to join companies’ boards, so they can help companies navigate to better long-term performance and success.

Website Attacks Become a Bigger Target:
One of the types of attack that we will see gain more traction this year is the website attack. With the growing use of online services (checking accounts, merchant accounts, Point-of-Sale (POS) systems, etc., now going through the web), the risk of attacks is large and has the potential to affect any institution using these services, as it opens access to institutions’ backend databases, document stores and applications, all within easy reach.

An attacker gains access to the website by hijacking a user’s requests and then makes a simple code change to redirect payment information their way, while NOT stopping the request’s correct path. As a result, this type of attack is very hard to find, but incredibly easy for attackers to undertake.

The website is no longer just a marketing tool. It has become a business tool, and as such, it now needs to be properly protected from attacks and placed inside a firewall, and preferably completely encrypted, so that attackers are unable to change, manipulate and delete code to their advantage.

Continued Chat Bot Growth:
The business use of chat bots will continue to grow based on their interactive nature and their ability to complement existing call center activities by taking away mundane tasks. However, with their interactive capabilities and the ability to use location services to reserve a table in your proximity and even order an item such as a coffee, it is becoming increasingly important that all chat bot transports are secure. Similar to website data breaches, should intrusion attacks penetrate the chat bots, user trust will be lost and confidential data may be lost as well.

Public Cloud Adoption will Continue to Challenge Enterprise Companies:
While cloud adoption is the goal of most global enterprise companies to help improve their IT speed and business agility and to modernize existing on-premise applications such as ERP, Finance and HR, adoption will be limited due to the time and money needed to implement cloud security standards that emulate enterprise on-premise infrastructures.

By using a secure gateway to a public cloud provider, enterprise accounts could accelerate their cloud deployments and benefit from the economics of cloud, plus have the freedom to choose and move cloud providers as the business sees fit.

IoT Attacks Will Keep Growing:
We will continue to see companies scramble to implement security for IoT devices and applications. We’ve already seen the significant and expansive impact that hacks on IoT devices can have, and it will only continue as we move into 2018.

General Data Protection Regulation: 
Effective from 25th May 2018, companies will need to comply with the General Data Protection Regulation (GDPR), which applies to all companies that use or process data in the European Union. As several analyst articles suggest, only 25% of companies are expected to be in full GDPR compliance in May 2018, and as a consequence of this, the initial fines or penalties imposed on a non-compliant company will be significant to warn other companies of its importance.

Now that we’ve highlighted some of the major security themes we predict will take center stage in 2018, come back next Tuesday when we will share some tips to stay cyber safe in the holiday shopping season.

Friday 24 November 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Uber data breach from 2016 affected 57 million riders and drivers

Uber faced a data breach in 2016 that affected some 57 million customers, including both riders and drivers, revealing their names, email address and phone numbers. Read more…

Crypto-Currency Firm Tether Loses $30m to Hackers

Crypto-currency firm Tether has become the latest to suffer a damaging cyber-attack, claiming hackers have made off with over $30m worth of tokens. The crypto-currency stolen is USDT, a US dollar-based asset issued by Tether on the Bitcoin blockchain via the Omni Layer Protocol. Read more…

FCC Chairman submits plan to end net neutrality; New York AG claims agency is hindering probe

The Federal Communications Commission chairman on Tuesday announced a draft of his plan to dismantle net neutrality rules that ensure a free and open internet. The elimination of net neutrality regulations would pave the way for telecommunication/ISP companies to charge a premium for high-quality streaming, charge for or block access to certain web content, and intentionally reduce the speed of some websites over others -- as long as they are transparent about their actions. Read more…

Equifax now hit with a rare 50-state class-action lawsuit

This rare 50-state class-action suit against Equifax highlights the massive costs and critical damage companies could face in the wake of a cybersecurity attack. Read more…

Tuesday 21 November 2017

The BOHH Breakdown, Part 12: Giving Thanks to Our Favorite Security Techniques


In our last post, we talked about some of the most famous corporate data breaches and how BOHH could have prevented them. This week, in honor of Thanksgiving, we are looking at some of the best security techniques being used to keep our data protected and giving thanks.

Encryption

This is hardly a new strategy for keeping our data protected, but it has become a standard protocol in today’s security measures. The core foundation of encryption focuses on converting information or data into a form unreadable by anyone except the intended recipient. While encryption itself does not prevent hackers from getting access to data, it does make it unreadable to those who intercept it. At BOHH, we believe the parties at the two ends of a data message – the sender and requester – should be the only ones who have access to that data message. We use a keyless encryption algorithm from end-to-end to ensure all data – both at rest and in transit – stays protected, without any possibility of decrypting it, even at the server level.

Artificial Intelligence

Though popular culture used to associate Artificial Intelligence (AI) with robots and science fiction, it is on the rise as a technology influencing a variety of sectors, including the cybersecurity industry. Staying ahead of hackers has become increasingly challenging. As such, its self-learning capabilities and ability to recognize patterns and anomalies within them make AI a great tool to detect threats. At BOHH, our AI Engine is a core component of our security approach. We use an AI Engine to do threat analysis and to prevent intrusion – it manages ports, interacts with user requests, and maintains a secure connection by identifying and removing any unwanted traffic before it is passed along and gets access to any of the backend applications or databases.


Firewalls

Firewalls have been around for a while and are often overlooked as a part of a security strategy, but they are a useful tool to help thwart attacks from external bad actors. Much as the name suggests, firewalls are used to keep networks protected and act as a first line of defense for all data traffic that passes in and out of the network. Firewalls examine incoming traffic against pre-set rules and security requirements set by a company and block unauthorized attempts to get in. Firewalls continue to be one of the most popular tools in the IT industry and continue to evolve over time as more sophisticated security challenges and attacks develop. At BOHH, we work in conjunction with a firewall system. The BOHH security platform sits on top of the firewall and enables full encryption inside the firewall for added security to keep data protected.

Multi-Factor Authentication 

As technology advances and hackers’ attacks evolve and become more sophisticated to take advantage of these advancements, using only a single authentication system, like a password, is no longer enough. This is where multi-factor authentication comes in. The goal is to add multiple layers of security to make it more difficult for unauthorized users to take over an account. Multi-Factor Authentication is a great technique because if one factor is compromised, an attacker still has one or two other barriers to get through before successfully breaking into the target. There are many different methods to do Multi-Factor Authentication, such as a password followed by text, email, or PIN confirmation, or even biometric authentication (voice, fingerprint, etc.), which is gaining popularity as technology advances. At BOHH, we employ multi-factor authentication via voice authentication, fingerprint or sending code confirmation messages to your mobile phone or email for verification.

Each of these technologies has a critical place in companies’ security strategy; however, each of these is just one piece of the whole puzzle and should not be the only tool used to combat security threats. For security to keep pace with the evolving and complex attacks in today’s complex environment, there must be a more holistic approach when securing data by combining the various security solutions available.

Now that we’ve highlighted some of the security techniques we are thankful for, come back next Tuesday when we will share some of our predictions for what lies ahead in 2018.


Friday 17 November 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Forever 21 hack reveals payment card data

The clothing retailer says hackers compromised point of sale devices at stores for a good part of the year. Read more…

If you own a Google Home or Amazon Echo, you could be at risk

Remember BlueBorne, the vulnerability that allowed hackers to infiltrate an estimated 5 billion gadgets using only a Bluetooth connection? It’s estimated that 20 million Amazon Echo and Google Home devices were vulnerable to attacks via the BlueBorne exploit. Read more…

Security vulnerability in IoT cameras could allow remote control by hackers

Newly uncovered vulnerabilities in a popular brand of indoor internet-connected cameras could be exploited by attackers in order to gain complete control of the device. Read more…

121 Pieces of Malware Flagged on NSA Employee's Home Computer

Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools. Read more…

Tuesday 14 November 2017

The BOHH Breakdown, Part 11: Famous Data Breaches & How BOHH's Approach Could Have Helped


In our last post, we talked about the state of security for the Internet of Things (IoT) and how BOHH Labs’ approach brings more confidence to keeping these devices secure. This week, we will take a look at some of the most famous corporate data breaches to occur, and how BOHH could have prevented them.

Breach: Equifax (2017)
One of the biggest data breaches to dominate headlines recently is the Equifax breach. While it may not go down in history as one of the biggest breaches, it certainly made a big splash due to the sensitive nature of the data that was leaked. Over 143 million consumer records were exposed, and the information exposed included names, Social Security numbers, birth dates, addresses and in some cases, driver's license numbers. Due to poor network security and failure to update its software, hackers gained access to Equifax’s database through a web application vulnerability.  While it was thought it was a US attack, its impact was global and affected Equifax customers and non-customers.

Type of Breach: Web Application Attack, leaving gaping holes in its network for hackers to exploit.

How BOHH Would Have Prevented It: Because BOHH’s service intersects all data requests, it is able to stop malicious attacks on the back-end database. Each data request has to go through a validation process before it gains authorized access to the backend database. BOHH also uses a patented system so a user’s data request never has direct access to the network server. It can also check the return from the database, making sure only authorized information is returned.

Breach: Target (2013) 
Though this breach took place several years ago, it is still one of the most famous breaches to have occurred, due to the volume of people affected: it compromised millions of its customers’ credit card and debit card accounts. All it took for 70 million people to have their credentials stolen was changing one line in the source code of the payment processing system and voilà. Target was unaware of the redirection of credit card details for a significant period of time, which impacted their ability to resolve the issue and reduce the customer and finance impact.

Type of Breach: Phishing Attack, threat from unwanted access to a website, where changes are made to the website code enabling data to be re-routed/pushed to the thief.

How BOHH Would Have Prevented It: BOHH prevents data from being re-routed through its patented block file system enabling full encryption of a website inside the firewall. When a user requests the website, BOHH goes to the server, and the AI engine pulls up the right blocks and decrypts them. It then puts the page together and passes it in memory to the web browser. This is without any direct access to the server from the requester, preventing phishing attacks and website changes to confidential data.

Breach: NSA Contractor Edward Snowden (2013)
One of the biggest intelligence leaks in US history took place thanks to an NSA contractor abusing his system administrator insider access to the database and confidential information.

Type of Breach: Insider Threat/System Administrator abusing internal control and weakness in security procedures to leak confidential information.

How BOHH Would Have Prevented It: With BOHH, each dataset is encrypted with dynamically allocated keys and no encryption keystore, making it impossible for any user (including database admin) to steal useable data. This means that even if an insider gets access to confidential information, it is unreadable because there is no way to hack the encryption key. 

These are just a few of the many attacks that could have been prevented by BOHH’s innovative approach to security. 

Now that we’ve highlighted how BOHH could have helped prevent some of the most famous breaches around, come back next Tuesday when we take a look at some of the best security techniques being used to keep our data protected and give thanks in honor of Thanksgiving.

Friday 10 November 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Fake WhatsApp app downloaded more than one million times

A fake version of the WhatsApp messenger app was downloaded more than a million times from the Google Play Store before it was removed. According to users, the fake contained ads and could download software to users' devices. Read more…

Senators Blast Equifax and Yahoo for Massive Data Breaches

Both Yahoo and Equifax took the stand this week to address the major customer data breaches that happened under their watch and what responsibility their companies had for the historic data breaches that saw billions of Americans' privacy compromised. Read more…

What's going on with Ethereum? $280m in cryptocurrency 'lost' amid security scare

Approximately $280m worth of the cryptocurrency Ethereum has been frozen in time – and potentially lost forever – after an unidentified developer accidentally triggered a critical bug in a shared code library used by digital wallets maintained by Parity Technologies. Read more...

2.7M Verticalscope credentials compromised

The Canadian web forum manager Verticalscope has again been hacked with 2.7 million user accounts being affected this time. The latest incident takes place about one year after the company reported that 45 million user credentials had been compromised. Read more…

Tuesday 7 November 2017

The BOHH Breakdown, Part 10: How BOHH Brings More Confidence to IoT Security


In our last post, we talked about the rise in popularity of chat bots and how BOHH supports the security of them. For this week’s installment, we will take a look at the state of security for the Internet of Things (IoT) and how BOHH Labs’ approach brings more confidence to keeping these devices secure.

Market analysts predict dramatic growth in the adoption of enterprise cloud services incorporating IoT technologies. In fact, Gartner predicts that more than half of major new business processes and systems will incorporate some element of the IoT by 2020.
However, the world has already witnessed some of the consequences of the growing adoption of IoT with the likes of the infamous Mirai botnet, which took major companies including Twitter, Amazon, PayPal and Netflix off the Internet.

While this trend continues to gain popularity in updating companies’ strategies, the IoT industry continues to be a top challenge for security professionals tasked with keeping those devices and networks safe.

Some of the major challenges companies are faced with by integrating IoT applications include:

  • Many IoT products are designed with convenience in mind and don’t have the proper security measures built in place at the design level/product development, leaving them insecure from the start. 
  • IoT devices often come with old or unpatched operating systems. Additionally, these systems often need frequent software updates to patch for vulnerabilities, and if users do not complete these, it opens the devices to risks.
  • Most IoT devices come with a default password that users don’t often change, making it easier for cybercriminals to hack these devices and easily hop on to a company’s network that the user is trying to connect with.
  • IoT devices communicate with your network, as well as multiple other outside systems and networks companies don’t have control over. This throws open the door to malicious attacks directly on the enterprise databases and applications accessed by these services.

Although the security industry has been talking about how to secure IoT devices for years now, there are still too many backdoors and insecure devices being used today. Unfortunately, with the rise in IoT networks, comes the rise of security threats and questions about who is really at the other end of the connection.  

Companies’ digital strategies should not come at the expense of security. At BOHH, we support the use of IoT devices, while keeping the enterprise network safe by enabling a secure flow of all data traffic between these devices and the end enterprise services. 

We help enterprise networks stay better protected against attacks opened by IoT services by managing the whole data transaction process and working natively with the IoT devices to secure the messages that are passed back and forth between the requestor and the responder. Our approach separates out the requestor from the request and securely allows, after AI validation, the request to navigate to whatever end-point is required. This leaves the requestor waiting until the response has been collected and checked before moving it forward and returning the request to the requestor.

Unlike other security approaches, our approach prevents a request from entering the network without being validated before it gains authorized access to a backend system or application. This approach enables BOHH to separate, recognize and maintain a secure connection to all relevant enterprise systems (i.e. the many different IoT devices and systems they connect with) and prevents any third parties from trying to hop on (piggyback onto) the connection and get to the backend database/application.

The use of IoT is here to stay, and is only predicted to grow, so it is more important than ever that new security is applied to securing enterprise networks to keep pace with innovation in enterprise IoT services.

Now that we’ve highlighted how BOHH helps enhance IoT security, check back in next Tuesday when we take a look at some of the most popular past breaches and how BOHH could have helped.

Friday 3 November 2017

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Hilton data breaches lead to $700,000 penalty

The attorneys general of New York and Vermont both announced today that their joint investigation into two Hilton data breaches has resulted in a $700,000 penalty and a promise to strengthen security. In all, over 363,000 credit card numbers were exposed. Read more…

Trump Organization didn't discover shadow subdomains with Russian IPs for four years

A series of shadow subdomains, all with Russian IP addresses and associated with malware campaigns, were created after hackers accessed the domain registration account of the Trump organization and likely went undiscovered until as recently as this week. Read more…

Unencrypted USB stick with 2.5GB of data detailing airport security found in street

An unencrypted USB flash drive detailing airport security and anti-terror measures was found on a street and sparked an investigation by Heathrow Airport. The USB stick, which contained 2.5GB of data, was neither encrypted nor required a password to access it, and contained 76 folders, packed with maps, documents and videos, even security measures to protect the Queen. Read more…

Malaysian data breach sees 46 million phone numbers leaked

A massive data breach has seen the customer data of more than 46 million mobile subscribers in Malaysia leaked on to the dark web. The leaked information includes mobile numbers, unique phone serial numbers, as well as home addresses. Read more…