Digitization of business, the involvement of disruptive technologies to perform business functions, dissolving the boundaries between usage of personal devices to business work and evolution of technologies like Artificial Intelligence (AI), Machine Learning and Deep Learning are increasing the attack vectors. The targeted attacks using the technological innovation has increased. The recent ransomware attacks have proven capability to cripple the nationwide systems. This drives the regulators to add more complex regulatory mandates. Continue reading “Top 10 Skills Every CISO Must Have”
Small businesses are the backbone of any nation’s economy. Historically big enterprises depended on small businesses for producing spare parts, performing jobs to keep the cost low of their products. In the era of digitization big organizations, except for their core business elements, outsources almost all jobs to Small and Medium-sized Enterprise (SME). This includes accounting, marketing, financial management, credit collection, employee /HR management, etc. Continue reading “How Can Small Businesses Protect Themselves From Cyber Attack?”
My profession gives me the chance of meeting and having deep discussions with CISO. Being in the profession for long enough to have CISO’s in my list of personal friends, I get to know the both sides of the coin, professional and personal.
The job of CISO is demanding and challenging. Change is the only constant thing in CISO’s day. Most of the CISO’s say that there is no fixed pattern to their day. They can plan some part of the day but the plan needs to modify to pay attention to the urgent and important issues arise due to the dynamic nature of cyber security issues. Continue reading “A Day in CISO’s Life”
The word “Digital transformation” has become part of our everyday life, cashless transactions to the touchless automation; industries are transforming rapidly.
Oil and gas industry which has played a pivotal role in the economic transformation of the world by providing, fueling the needs of mobility, light, and heat of world’s population is as well going through the digital transformation. Following are main drivers for this transformation: Continue reading “How Vulnerable are Oil and Gas Industries from Cyber Attacks”
There is hardly a day when we do not read or get to know about cyber-attack, cyber- crime, security breach, zero day attack or identification of a new vulnerability.
We have seen every year the security budget and spend on the security is increasing and still, organizations are getting breached. Most this money goes to implement and manage technologies and often the weakest link in the chain that is people who are creating, accessing the data are ignored.
Kevin Mitnick, “The World’s Most Famous Hacker” quotes
“Companies spend millions of dollars on firewalls, encryption, and secure access devices, and its money wasted; none of these measures address the weakest link in the security chain.”
Most of the organizations are either started using cloud services or migrating to the cloud. First and the most important decision-making point before migrating the applications to the cloud is, how this transformation will impact the data security and compliance to the applicable regulatory requirements to my business?
Most of the prominent cloud service providers like Google (GCP), Amazon (AWS) and Microsoft (Azure), understand the importance of providing the compliance and assuring the data security for the clients. These cloud providers provide security solutions either as a part of a package or available in the market place for clients to pick and choose the technologies that assures the integration with other infrastructure components of the cloud. Continue reading “Google Cloud Platform (GCP) Security”
There is old Indian fable about how an elephant looks like to the blind men in the room, the person who touched the trunk of elephant described it as a snake, the person who feels side perceived it as a wall, who touches the ears identified it as fan and story go on …
A great many people like blind men in a story do not think about security holistically and cyber security is a whole new elephant to analyze.
Hackers are working around the clock to keep ahead of the competition to make as much money as possible. The sophisticated attacks, with business-minded infrastructure, make ransomware like WannaCry and NotPetya — which locked up devices at multi-billion-dollar companies — look like imposters.
With increasing attack vector and effectiveness of the attacks, the damage done to business and government is not limited to only disrupting the services or stealing the information but the latest attacks are capable of damaging the physical infrastructure and creating the war like situations. Continue reading “Security Design Principles – A Quick Guide”
Smart devices and appliances are part of our daily life, locking our homes, monitoring our fitness, lights, fridge, television sets, web cameras to name the few are connected to the internet and we can access these devices from anywhere. This includes your kid’s smart toys as well. These devices are known as Internet of the Things (IoT). These days you don’t have to worry about your kids missing the house keys and you have to rush home leaving all office priories aside, now you can open the door of your home sitting at your office desk.
Hackers have a great opportunity to launch large scale attacks because without our knowledge these devices capture lots of information and are accessible over the internet.
The dark side of these IoT devices can not be overlooked. Last year’s massive DDoS attacks (October 2016) on DYN’s servers that brought down many popular online services in the US was not launched using standard computers but the Mirai botnet used for this attack was largely made up of IoT devices such as digital cameras and DVR players. The news of Roomba floor mope is mapping your home and the map of your home may be shared with Google or Amazon. Disney sued for capturing and selling children’s data to the third parties.
This means IoT devices are providing the comfort and convenience but at the same time they are becoming threats to your personal data, these devices can lead hackers to your home as well as to organizations for which you are working.
IoT Security Concerns
IoT devices are nothing but the tiny computers always connected to the internet, capturing, processing and sharing information and this is the reason of majority of security concerns
- Continuously connected to the internet
- No security features as a part of design
- The amount and type of data captured
Broadly speaking these are the three categories we need to concern about when we speak of the IoT security.
Continuously Connected to the Internet – The devices are always connected increases the attack vector. The number of devices available can be collectively used to create the massive DDoS attack. The device’s security combined with home WiFi security can increase the likely hood of the compromise as the vulnerabilities available in home internet connection can be easily exploited.
“Any idea how much data a cow generates? Turns out not a lot, but there are a lot of cows.” — Eric Hanselman, chief analyst of 451 Research
The Tools like Shodan are like dual edge sword when in hands of protector it can help to identify and patch the vulnerabilities in you devices but in hands with malicious intention, it can be used to breach your devices and either steal the data or use it as tools for launching attacks. Being always connected, your devices are available all the time. The Internet is not secure so we can not expect the devices connected to it will be secure.
No Security features as a part of the design – The computing power of these devices and storage space available are the technical limits to have security features embedded into these devices. Adding the security features can increase the cost of these devices by multiple folds and hence manufacturers of these devices are knowingly or unknowingly ignoring to add the security features. Another big issue is all these devices are owned and managed personally so there is no way of imposing security policies and processes that can enhance the security. Example password complexity and expiry of the password.
The amount and type of data captured – All these consumer IoT devices captures a lot of data. The security camera installed in your children’s bedroom can be snooping your child activities and if compromised can send streams of data to the malicious intention people. Which TV channel you watch, which internet sites you browse, what time you are at home, how is your health ? all these data is getting continuously captured and may get sold into the market. As we have seen at the start of this article how Disney has used the toys to capture and sold that data.
How to Stay Safe?
“Prevention is better than cure”
Securing your home network is a first and most important thing which is within your control. Refer to the previous article “Proven Methods to Secure Your Home Network” for more details.
While buying devices you should be aware what features are included, like password complexity, data encryption, etc.
- Before installing your new device, visit the manufacturer’s website and download any new security patches for known vulnerabilities
- Secure your device immediately after purchase
- Do not let the excitement of acquiring a new device distract you from securing it before putting it to use
- Also, without exception, immediately reset any default passwords with secure passwords.
Configuring devices is one-time activity but making your device secure is an ongoing process,
- Keep your devices updated with patches and firmware updates provided by product manufacturer. These patches and firmware updates are released either for fixing the bugs or closing the vulnerabilities available.
- Switch off the devices when not required. You do not need cameras in your child’s bedroom to be on when you are at home, switch that off.
- The latest memory based malware will get erased by rebooting the devices, so make it a practice to reboot your devices at a regular frequency.
“Keep your devices up to date and stay safe”