In our last post, we took a closer look at Artificial Intelligence and how it can enhance the cybersecurity industry. Today, we are addressing how to support digital innovations without sacrificing security.
What makes a company successful? Ask almost any enterprise today and they will tell you that innovation is a critical piece to ensuring long-term success in the current and evolving business environment. The companies that are able to adapt to the ways in which the market is evolving, compete with newer entrants, and even capitalize on the opportunities and possibilities innovation brings, will be the ones to emerge as successful leaders. Since 2000, a significant number of Fortune 500 companies that are no longer trading, as they couldn’t embrace business change.
Innovation can mean a lot of different things, but for today’s purpose, we will focus on digital innovation of new devices, tools and methods to help businesses streamline their operations and communication engagements with customers. As such, cloud services, IoT implementations and chatbots are some of the top digital innovations that are dominating today’s enterprise ecosystem. Adoption of these technologies is exploding across enterprise cloud services. And while every enterprise would agree these channels are good business investments, there are still challenges of these tools opening their systems and users to massive, widespread and malicious security threats.
At BOHH, we believe that innovation should not come at the expense of security and vice versa. While it may be tricky, there is a way to find balance between the two. Below are several recommendations to support integrating digital innovations in to your business strategy without sacrificing security.
- Consider how these new innovations are handling data before full adoption. Organizations must plan for how the information is stored, how long it’s stored for, how it’s used, and who has access to it on these new channels. This is especially important for highly regulated industries that will deal with sensitive customer information. Perhaps before initiating complete adoption, organizations should consider automating some services using digital innovation tools but still have them working in tandem with human teams to improve the data flow without sacrificing security.
- Research thoroughly the digital innovation tools you plan to integrate if you are using a third party. Many brands are integrating tools such as chatbots and IoT devices that are third-party platforms. While this is a convenient solution, it does mean that the security features are decided by the third party’s own security branch, which means the organization does not have as much control over the security features on the tools they are using to interact with customer data that needs to be protected. If possible, businesses should rely on building their own digital innovation channels from scratch with security built in at the foundation level or working with third party platforms that follow this same rule. Because businesses hold responsibility in keep their data and customers’ data safe, it is important to do a lot of research on the security protocols needed before integrating these tools in to their business strategy.
- All communication on these new tools should be encrypted and deployed only on encrypted channels. This is something that is relatively easy to set up on an organization’s own website and encryption is a great tool to help keep data protected. However, it is important to note that if the data is not encrypted from end-to-end in the transaction process, it leaves an opening for hackers to get access to that data once they have penetrated your system. End-to-end encryption is key to keeping data encrypted throughout the whole data journey, so the data stays better protected from bad actors no matter what channel it is being stored on or accessed through.
Hopefully these tips offer some good balance on adding innovative digital tools to your business strategy without compromising security. Come back next week and we will switch gears a bit and talk about the hot topic of cryptocurrency and how to better protect your investments.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.
Aetna Signs $1.15 Million Settlement With NY for Breaches
After settling a breach lawsuit for $17.2 million, Aetna has signed another large settlement related to privacy breaches involving mailings to its health plan members. Read more…
Hackers lure victims with fake cryptocurrency SpriteCoin
Researchers say SpriteCoin “is not really a true cryptocurrency, but is one that was created for this specific attack.” In this case, “the allure of quick wealth through cryptocurrency seems to be enough to trick unsuspecting users to rush toward the wallet app du jour without consideration.” Read more…
Ransomware Detections Up 90% for Businesses in 2017
Ransomware became the fifth-most-common threat for businesses in 2017 as detections increased by 90% from the previous year. Attacks also hit consumers hard, reaching a 93% detection rate year-over-year, reports Malwarebytes. Read more…
14 flaws found that could take over industrial control systems
Several serious flaws have been discovered in license management software used in industrial control systems. The vulnerabilities could allow an attack to remotely control such systems or carry out DoS attacks. Read more…
In our last post, we talked about the good and bad to come out of the Intel microprocessor security flaws. Today, we are taking a closer look at AI and how it can enhance the cybersecurity industry.
Since its inception more than 50 years ago, much of the conversation associated Artificial Intelligence (AI) was centered on the future of robots and science fiction; however, in recent years AI has been dominating the conversation in the volatile cybersecurity market. AI is becoming so popular as tool to combat cybersecurity in the last couple of years, that it is quickly becoming a standard tool to have in your overall security strategy. But what makes it so great for fighting cybercrime?
Staying ahead of hackers has become increasingly challenging, and the sheer number of beach attempts on a given company daily is unmanageable by humans alone. This is where AI can be helpful by looking for and detecting any network traffic abnormalities. AI uses a compound set of algorithms to detect patterns and predict outcomes from a large amount of data online. As such, the self-learning capabilities and ability to recognize patterns and anomalies within them, makes AI a great tool to detect cybersecurity threats within the network in real time.
This means AI will be influential in helping security teams prioritize important and relevant information among the high volume of data now available to reduce noise and solve attacks more rapidly. It will enable security teams to automate the irregular activity detection process and help reduce/flag breach attempts to a few thousand worthy of human review.
Another area AI offers great potential is in the cybersecurity workforce. In 2017 there were a lot of conversations surrounding a global shortage of cybersecurity professionals with the specialized skills to address the evolving security challenges faces companies daily. So far, not much progress has been made. AI could be a good method to help address the growing cybersecurity skills gap as some of the areas it can help with include helping automate some of the security tasks like network scanning, as well as help train employees on cybersecurity awareness.
Additionally, security companies are not the only ones noticing the benefits of AI – many hackers are too. It is predicted that 2018 will bring a rise in AI-based attacks from cyberhackers to mimic human behaviors. In order to keep up with these complex and coordinated attacks, there will be an even greater need for companies to invest in their AI cybersecurity tools to meet these new threats head on, making it an important spend in they cybersecurity strategy.
Like many companies, BOHH believes AI capabilities are a great tool to integrate in a cybersecurity strategy and our AI Engine is a core component to our security approach. We use an AI Engine to do threat analysis and to prevent intrusion – it manages ports, interacts with user requests, and maintains a secure connection by identifying and removing any unwanted traffic before it is passed along and gets access to any of the backend applications or databases.
AI offers great promise in the cybersecurity realm, and it will be exciting to see how the technology continues to develop and impact the industry.
Come back next Tuesday for our breakdown on how to support digital innovations without sacrificing security.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.
Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch
Intel says the unexpected reboots triggered by patching older chips affected by Meltdown and Spectre are happening to its newer chips, too. Read more…
BEC Attacks to Exceed $9B in 2018: Trend Micro
Business email compromise (BEC) attacks are projected to exceed $9 billion in 2018. To put that number in context, it has been less than a year since the FBI reported BEC attacks had become a $5.3 billion industry. Read more…
Mailchimp Found Leaking Email Addresses
MailChimp, the bulk email company responsible for sending millions of newsletters, promotional mail and other mass communiques every day, has been leaking respondents’ email addresses. Read more…
Cryptocurrency Investors Worry, Wait After Bitcoin Price Drop
Over the last month, in a series of volatile swings, the price of the cryptocurrency bitcoin rose to a record high — then plunged to less than half that value. The abrupt changes have inspired comparisons to the dot-com bubble, and underscored the extremely speculative nature of investing in cryptocurrency. Read more…
In our last post, we shared tips for kicking your security strategy off right in 2018. Today, we will take a deeper look at the recent Intel chip security flaw news that shocked the world and highlight the good and bad to come out of it.
When it came out that Intel chips were exposed to security flaws and the vulnerabilities affect almost all the microprocessor chips manufactured by Intel, it immediately put fear in to pretty much everyone who owns a computer or cell phone. In fact, according to the industry consultancy IDC, the Intel chips back 98 percent of data center operations The two flaws are called Meltdown and Spectre and could potentially allow hackers access to all the memory contents of computers, mobile phones, and servers.
While the flaw discoveries highlight some of the issues with security, there is also a silver lining. Below we highlight several of the good and bad points to come out of this.
Since everyone likes good news before the bad, we will start with the good:
- This news has prompted users to make sure they update their systems with the new patches and updates. Additionally, in order to protect themselves from the chip flaws, many security experts have recommended that users go in to their settings and install security updates automatically – this will ensure their systems stay up to date as possible as manufacturers release system updates. This is a great start in getting every day users more invested in security and show them how the much talked about cybersecurity industry can affect them personally.
- One of the two flaws, Meltdown, can be addressed with software updates, which many of the major manufactures including Apple, Google, Microsoft, and Amazon, jumped on top of getting a patch out for their systems quickly to protect against the Meltdown vulnerability. It is a positive too see these top companies make the fix a priority.
- So far, there has not been any evidence that hackers have been able to capitalize on these flaws. This means, this is just a good warning for better security preparation.
Unfortunately, with the good always comes the bad:
- The flaws were discovered by independent researchers. While it is great the flaws were discovered, it does bring to question why Intel was not more on top of it.
- One of the flaws, Spectre, is not an easy fix. Unlike the Meltdown flaw which is a software fix, Spectre is a hardware fix that could mean the need to redesign the processor itself some researchers suggest. This means it is not an easy fix.
- The sheer size of the potential danger these flawed microprocessor chips could inflict across the world globally needs to be taken very seriously. This highlights our reliance on technology and assumption that they are built securely from the foundation, and how just one flaw exploited by a hacker could impact the entire world.
The ramifications of how these bugs will impact computing the industry is still yet to be fully determined, but in the meantime, it’s important to look what we can learn from it. Come back next Tuesday when we take a closer look AI and how it can enhance the cybersecurity industry.
It’s the start of a new year and with that comes new goals and resolutions. As cybersecurity continues to be a top concern for companies, it will most certainly be at the top of most companies’ resolution lists. However, staying ahead of the quickly evolving cybersecurity industry has become increasingly challenging, and it’s hard for companies to stay on top of all the threats and solutions they should have in place. Below are several ways BOHH recommends for companies to start 2018 right and help them better tackle their security resolutions.
Finalize your General Data Protection Regulation Plan:
If this is not in action now or at the top of your list, it is time to get started on this now. Going in to effect later this year in May, companies will need to comply with the GDPR regulations, which applies to all companies that use or process data in the European Union. Since there are a lot of moving parts to ensuring compliance, it is important to take a strategic approach. There are many new changes that companies will be accountable for, so it’s critical to research them properly and have a specific plan for each one. Having your GDPR plan in action and completed by May 2018, will help you avoid fines or penalties imposed on a non-compliant company, as well as stand out as leader in the market committed to security.
Always Implement New Security Patches and Update Old Systems:
Because software systems are constantly evolving, security updates and patches are commonly released to keep up with software improvements. Often, these patches come with instructions to make the updates, and failure integrate these into your system can lead to vulnerabilities and allow hackers to gain access company and customer data. Unfortunately, as we saw in many data breach instances in 2017, many businesses often ignore patches or updates until they encounter issues. When this happens, it leaves the door open for hackers use malware and other type of attacks to exploit these holes and get into your system. Companies that monitor when new patches and updates are out and implement them immediately will face less risk to breaches than those do not and avoid having to undergo an embarrassing explanation on why they are not up-to-date with the recommended security systems.
Create a Zero Trust Model:
There is no longer any trust in security. It’s clear there are no longer any trusted and an untrusted engagements on our security devices, networks or even users. In 2018, companies need to eliminate the idea of a trusted network and start implementing a zero-trust model approach that views all users and network traffic as untrusted that must be verified and enforce strict access control.
There’s No One Size Fits All:
When it comes to security, there is no quick fix or a magical solution that will solve all your security woes. Because there are more tactics to get into a company’s network, it’s hard for companies to rely on just one or two solutions to stay protected. The best way to stay on top of all the threats is by having a combination of solutions like patched systems, constant updates, multi-factor authentication, firewalls, encryption, AI-based tools and more. More than ever, it is important to take the time to make sure you have the right security investments in place and not rely on just one or two.
Hopefully these recommendations will be useful to get your 2018 security strategy started right. Come back next Tuesday when we take a closer look back at the latest news on the Intel chip security flaw and what is the good and bad to take from it.
