Data Security – Dataconomy (https://dataconomy.ru)

The most trusted postman of the digital age
https://dataconomy.ru/2023/07/20/asymmetric-encryption-algorithms/
Thu, 20 Jul 2023 14:39:38 +0000

The need for robust cybersecurity measures has never been more critical than in 2023. Asymmetric encryption algorithms are the guardians of digital security, ensuring that sensitive information remains protected and digital interactions stay authenticated.

There are many dangers out there that can harm our sensitive information and disrupt important services. These dangers keep evolving and becoming more advanced, making it harder to stay safe online.

From hackers trying to steal our money to cyber attacks sponsored by governments, the threats are diverse and relentless. They exploit weaknesses in our devices and software, and even trick us into giving away our information.

To protect ourselves and our data, we need to be aware of these dangers and take measures to stay safe. By understanding the risks and implementing strong security measures, we can better defend against cyber threats and keep our digital lives secure.

[Image: Asymmetric encryption algorithms use a pair of keys – a public key and a private key]

What are asymmetric encryption algorithms?

Asymmetric encryption algorithms, also known as public-key cryptography, are powerful cryptographic techniques that play a pivotal role in modern cybersecurity. Unlike symmetric encryption, which relies on a single shared secret key for both encryption and decryption, asymmetric encryption algorithms utilize a pair of mathematically related keys – a public key and a private key.

The concept behind asymmetric encryption is elegant and innovative. The public key is openly shared with the world, and accessible to anyone who wishes to engage in secure communication with the key’s owner. On the other hand, the private key remains a closely guarded secret, known only to the individual or entity to whom it belongs. The ingenious aspect lies in the mathematical relationship between these keys – data encrypted with the public key can only be decrypted with the corresponding private key and vice versa.

One of the most significant applications of asymmetric encryption algorithms is secure data transmission. By leveraging the public and private keys, these algorithms ensure that data exchanged between parties remains confidential during transmission, even if intercepted by unauthorized entities. The encryption process transforms the plaintext into an unintelligible ciphertext, and only the intended recipient possessing the corresponding private key can decipher and access the original data.

Asymmetric encryption algorithms are also instrumental in providing digital signatures, which verify the authenticity and integrity of digital messages or documents. Digital signatures are generated using the sender’s private key and appended to the data. The recipient can then use the sender’s public key to validate the signature, providing assurance that the message indeed originated from the claimed sender and has not been tampered with during transmission.

Beyond secure communication and digital signatures, asymmetric encryption algorithms find extensive use in file encryption. This application offers a robust solution for protecting sensitive data stored on electronic devices or transmitted across networks. By encrypting files with the intended recipient’s public key, the data becomes accessible only to the recipient possessing the corresponding private key, ensuring the data’s confidentiality.

The concept of confidentiality is central to asymmetric encryption, as it guarantees that only the intended recipients with the appropriate private key can access and decrypt the encrypted data. This safeguard is essential for protecting intellectual property, personal information, financial records, and other sensitive data from unauthorized access and potential data breaches.

[Image: Asymmetric encryption algorithms are based on mathematical problems, such as factoring large numbers and computing discrete logarithms]

Additionally, asymmetric encryption enables the verification of the sender’s authenticity through digital signatures. Digital signatures provide recipients with a means to ascertain the legitimacy of the sender, reducing the risk of falling victim to phishing attacks or other forms of impersonation.

Moreover, asymmetric encryption enables non-repudiation, a crucial concept in cybersecurity. Non-repudiation ensures that a sender cannot later deny sending a specific message or initiating a particular transaction. The sender’s private key signs the message or transaction, providing cryptographic proof of the sender’s involvement and precluding any attempts to disavow the event.

Asymmetric encryption algorithms also play a pivotal role in facilitating secure key exchange techniques. These algorithms enable parties to establish a shared secret key for subsequent symmetric encryption without the need for prior communication or a secure channel. This key-agreement mechanism is essential for establishing secure and confidential communication between parties without the risk of exposing the shared key.

Beyond encryption and digital signatures, asymmetric encryption algorithms contribute to the creation of cryptographic hash functions, which play a critical role in ensuring data integrity. Cryptographic hash functions produce unique fixed-size hash values for input data, making it possible to detect any changes or tampering with the data, no matter how minor.

Finally, in the context of the internet and secure communication, asymmetric encryption plays a crucial role in creating digital certificates. These certificates are integral to establishing the authenticity and identity of entities on the internet, including websites and servers. By relying on asymmetric encryption, digital certificates ensure secure communication and encrypted connections with trusted entities, enhancing the overall security of online interactions.

How do asymmetric encryption algorithms work?

In asymmetric encryption algorithms, users generate a key pair consisting of a public key and a private key. The public key can be openly shared, while the private key is kept confidential.

To send a secure message to the intended recipient, the sender uses the recipient’s public key to encrypt the data. Once encrypted, only the recipient’s corresponding private key can decrypt the information.

Upon receiving the encrypted data, the recipient uses their private key to decrypt it. As the private key is known only to the recipient, the confidentiality of the message remains intact.

Asymmetric vs symmetric encryption

In contrast to symmetric encryption, which uses a single key for both encryption and decryption, asymmetric encryption relies on a pair of keys.

Symmetric encryption is faster and more suitable for bulk data encryption, while asymmetric encryption excels in secure key exchange and digital signatures.

Here is a table that provides an overview of these two widely used encryption algorithms:

| Feature | Symmetric encryption | Asymmetric encryption |
|---|---|---|
| Key type | Single secret key | Key pair – public and private keys |
| Encryption/Decryption | Same key for both operations | Different keys for each |
| Speed | Faster | Slower |
| Key exchange | Requires secure key exchange | Facilitates secure key exchange |
| Digital signatures | Not suitable for digital signatures | Supports digital signatures |
| Use cases | Bulk data encryption | Secure communication, key exchange, digital signatures |

Both symmetric and asymmetric encryption have their strengths and weaknesses, making them suitable for different use cases. Symmetric encryption excels in speed and efficiency, making it ideal for bulk data encryption.

On the other hand, asymmetric encryption offers secure key exchange and digital signatures, enhancing security in communication and authentication.

The choice between the two encryption methods depends on the specific requirements of the application and the desired level of security.

[Image: Asymmetric encryption algorithms are often used in combination with symmetric encryption algorithms]

There is no single asymmetric encryption algorithm

Several asymmetric encryption algorithms are widely employed in the field of cybersecurity due to their unique features and varying levels of security.

Here are some of the most popular ones:

  1. Triple DES (Data Encryption Standard)
  2. Advanced Encryption Standard (AES)
  3. RSA Security (Rivest-Shamir-Adleman)
  4. Blowfish
  5. Twofish
  6. Cryptographic Hash Functions
  7. Hash-Based Message Authentication Code (HMAC)
  8. Stateful Hash-Based Signature Scheme (SPHINCS)
  9. CAST (Carlisle Adams and Stafford Tavares)

Triple DES (Data Encryption Standard)

Triple DES (Data Encryption Standard) is an asymmetric-key block cipher based on the original DES algorithm. It provides enhanced security by applying the DES algorithm three times sequentially, using three different keys.

Each block of data undergoes a series of three transformations, significantly boosting security compared to the original DES. However, Triple DES has become less popular with the rise of more efficient and secure algorithms like AES.

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is one of the most widely used symmetric-key encryption algorithms. It replaced the aging Data Encryption Standard and operates on fixed-size data blocks with key lengths of 128, 192, or 256 bits.

AES employs a substitution-permutation network, making it highly secure and efficient for various applications.

RSA Security (Rivest-Shamir-Adleman)

RSA Security (Rivest-Shamir-Adleman) is a widely used asymmetric encryption algorithm based on the mathematical properties of large prime numbers.

It involves a key pair – a public key for encryption and a private key for decryption. RSA is commonly used for secure key exchange, digital signatures, and secure communication.

Blowfish

Blowfish is an asymmetric-key block cipher known for its simplicity, efficiency, and resistance to attacks.

It operates on 64-bit blocks and supports key lengths ranging from 32 to 448 bits. Blowfish is used in secure data storage and transmission, password hashing, and other cryptographic applications.

Twofish

Twofish is another asymmetric-key block cipher designed as a candidate for the AES competition. Although not selected as the standard, Twofish remains a respected and secure encryption algorithm.

It operates on fixed-size blocks and supports key sizes of 128, 192, or 256 bits.

[Image: The most commonly used asymmetric encryption algorithm is RSA]

Cryptographic Hash Functions

Cryptographic hash functions, while not exactly one of the asymmetric encryption algorithms, are vital in cybersecurity. They generate a fixed-size hash value for an input message, ensuring data integrity and enabling digital signatures and password hashing.

Popular hash functions include SHA-1, SHA-256, SHA-3, and MD5 (though MD5 is considered insecure).

Hash-Based Message Authentication Code (HMAC)

Hash-Based Message Authentication Code (HMAC) is a construction that combines a cryptographic hash function with a secret key to provide message authentication and integrity.

Stateful Hash-Based Signature Scheme (SPHINCS)

Stateful Hash-Based Signature Scheme (SPHINCS) is a post-quantum secure digital signature scheme designed to resist quantum attacks.


CAST (Carlisle Adams and Stafford Tavares)

CAST (Carlisle Adams and Stafford Tavares) is a family of asymmetric-key block ciphers designed for secure encryption and decryption.

CAST-128 and CAST-256 are popular variants with varying block and key sizes.

Asymmetric encryption is a fundamental part of cybersecurity

Asymmetric encryption is a fundamental pillar of cybersecurity, providing robust mechanisms for secure data transmission, authentication, and digital signatures.

One of the primary applications of asymmetric encryption algorithms is to establish secure communication channels over untrusted networks, such as the Internet. When two parties wish to communicate securely, they exchange their public keys. Each party keeps their private key confidential.

By using the other party’s public key to encrypt messages, they ensure that only the intended recipient with the corresponding private key can decrypt and access the information. This mechanism safeguards data confidentiality during transmission and protects against eavesdropping or unauthorized access.

Suppose Alice wants to send a confidential email to Bob. Before sending the message, Alice obtains Bob’s public key. She then uses Bob’s public key to encrypt the email, ensuring that only Bob, possessing the private key, can read the contents of the email.

Asymmetric encryption algorithms also enable the creation of digital signatures, a critical component for authenticating digital messages or documents. Digital signatures provide a way to verify the origin and integrity of data. The sender uses their private key to generate a digital signature, which is appended to the message.

Recipients can then use the sender’s public key to verify the signature, ensuring that the message indeed came from the claimed sender and has not been altered during transmission.

For example, a CEO can digitally sign an important company document using their private key. When employees receive the document, they can verify the signature using the CEO’s public key to ensure that the document is authentic and has not been tampered with by unauthorized parties.
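The signed-document scenario above as a runnable sketch. This is an added example, not code from the original article; it assumes RSA-PSS with SHA-256 as the signature scheme, and the names `Directory`, `WhoSigned`, "ceo" and "cfo" and the sample document are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Directory maps a signer's name to the public key the recipients already
// trust for that person (hypothetical type for this example).
type Directory map[string]*rsa.PublicKey

var pssOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}

// NewSigningKey generates a 2048-bit RSA key pair for signing.
func NewSigningKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign hashes the document and signs the digest with the private key.
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], pssOpts)
}

// Verify recomputes the digest and checks the signature with the public key.
// Any change to the document or a signature made with another key is rejected.
func Verify(pub *rsa.PublicKey, doc, sig []byte) error {
	digest := sha256.Sum256(doc)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, pssOpts); err != nil {
		return fmt.Errorf("signature rejected: %w", err)
	}
	return nil
}

// WhoSigned returns the name of the directory entry whose public key
// validates the signature. Because only that person holds the matching
// private key, a match is the evidence behind non-repudiation.
func WhoSigned(dir Directory, doc, sig []byte) (string, bool) {
	for name, pub := range dir {
		if Verify(pub, doc, sig) == nil {
			return name, true
		}
	}
	return "", false
}

func main() {
	ceo, _ := NewSigningKey()
	cfo, _ := NewSigningKey()
	outsider, _ := NewSigningKey() // key that is not in the directory
	dir := Directory{"ceo": &ceo.PublicKey, "cfo": &cfo.PublicKey}

	doc := []byte("Constructed sample: all-hands moved to Friday 10:00")
	sig, err := Sign(ceo, doc)
	if err != nil {
		panic(err)
	}
	fmt.Println(WhoSigned(dir, doc, sig)) // genuine document

	altered := []byte("Constructed sample: all-hands moved to Friday 09:00")
	fmt.Println(WhoSigned(dir, altered, sig)) // edited after signing

	forged, _ := Sign(outsider, doc)
	fmt.Println(WhoSigned(dir, doc, forged)) // signed with an unknown key
}
```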

[Image: Asymmetric encryption algorithms are considered essential for ensuring the security and privacy of online communications and data storage]

Asymmetric encryption is also employed for secure file encryption, adding an extra layer of protection to sensitive data stored on devices or transmitted over networks. Instead of using a symmetric key to encrypt the entire file, asymmetric encryption algorithms can be used to encrypt the symmetric key, which is then used for bulk encryption.

Imagine an organization that wants to share confidential files with a partner company. The organization encrypts the files using a randomly generated symmetric key. To securely share the symmetric key, they use asymmetric encryption algorithms. The partner company’s public key is used to encrypt the symmetric key before sending it. Upon receiving the encrypted symmetric key, the partner company uses its private key to decrypt it and then uses the symmetric key to decrypt the files.

Asymmetric encryption algorithms are instrumental in authentication mechanisms such as digital certificates, which are used to establish the authenticity of websites, servers, and individuals on the internet. Digital certificates contain the entity’s public key, and a trusted certificate authority signs them, verifying the certificate’s authenticity.

When a user connects to a secure website (HTTPS), the website presents its SSL/TLS certificate. The user’s browser can verify the certificate’s authenticity by checking the signature from a trusted certificate authority. The certificate’s public key is then used to establish a secure connection and encrypt data during the browsing session.

Asymmetric encryption algorithms ensure non-repudiation, meaning the sender cannot deny sending a particular message or initiating a transaction. The use of the sender’s private key to sign the message provides cryptographic proof of their involvement.

Parties can use asymmetric encryption to sign contracts digitally. When one party signs a contract using their private key, it proves their agreement to the terms and prevents them from later denying their involvement in the contract.

As you can see, asymmetric encryption algorithms are one of the most important weapons you can use to ensure your and your company’s cybersecurity.

Remember, your data is something you should guard as carefully as your ID in your pocket and you should always turn to its guardian angels.


VIPs exposed: CoWIN data breach leaks vaccination records on Telegram
https://dataconomy.ru/2023/06/12/cowin-data-leak/
Mon, 12 Jun 2023 09:09:39 +0000

The recent CoWIN data leak has exposed the personal and vaccination information of many people, including “VIPs” such as political leaders and journalists. The information was published on Telegram and was allegedly available through the application.

Data and personal information of those who registered for COVID-19 immunization on the CoWIN app are supposedly now freely available on the Telegram app, which is a worrying trend. A Telegram bot may be used to obtain the information quickly. Media sources claim that the bot has been disclosing information like date of birth, phone number, Aadhaar information, PAN information, and even passport information, among other things, and that anybody may access these facts.

Moreover, the information is easy to obtain on the application. Anyone who finds the right channel and enters an individual’s phone number or Aadhaar number can reach the personal information listed above.

[Image: The CoWIN data leak has unveiled the personal information of many politicians]

Which politicians are affected by the CoWIN data leak?

Several politicians’ information, including that of Telangana’s minister of information and communication technology Kalvakuntla Taraka Rama Rao (also known as KTR), DMK member Kanimozhi Karunanidhi, BJP Tamil Nadu President K Annamalai, Congress member Karti Chidambaram, and former union minister of health Harsh Vardhan of the BJP, was easily accessible, according to a report by The News Minute.

The Union Health Ministry’s secretary Rajesh Bhushan was one of the victims of the data breach, according to the Malayalam newspaper. According to the article, when Bhushan’s number was input, information like the last four letters of his Aadhaar number and his birthdate was made public, along with information on his wife, Ritu Khanduri, an MLA for Uttarakhand from Kotdwar.

The information of former Union Minister P Chidambaram, Congressmen Jairam Ramesh and K C Venugopal, journalists Rajdeep Sardesai (India Today) and Barkha Dutt (Mojo Story), and Rajya Sabha MP and TMC leader Derek O’Brien was also leaked similarly, according to All India Trinamool Congress spokesperson Saket Gokhale.

The following statement was made by Gokhale on Twitter about the CoWIN data leak: “There has been a MAJOR data breach of the Modi Govt where personal details of ALL vaccinated Indians including their mobile nos., Aadhaar numbers, Passport numbers, Voter ID, Details of family members, etc. have been leaked & are freely available.”

According to The News Minute, the CoWIN data leak bot also provided information on everyone who had used the same registration number to enroll for the inoculation. The passport number of Kanimozhi’s son was also readily available. The accuracy of the information provided by the bot was checked by a TNM journalist who used her CoWIN registration ID to register for three people’s vaccinations. Around 9:30 am, the bot was destroyed.


How to stay safe against data leaks

Data breaches, like the CoWIN data leak, pose a severe risk to both people and businesses. Data leaks can make private information, including financial information, trade secrets, intellectual property, and more, publicly available. Additionally, data breaches can harm people’s reputations, result in legal issues, and cost money.

  • Use strong passwords and change them regularly
  • Use encryption and VPNs
  • Avoid phishing and malware
  • Be careful with social media and public Wi-Fi
  • Educate yourself and others

[Image: Unfortunately, there is not much you can do about breaches like the CoWIN data leak]

Use strong passwords and change them regularly

A strong password should include at least 12 characters, use capital and lowercase letters, digits, and symbols, and avoid commonly used words or phrases. Additionally, use a different password for each account and service, and change them often or whenever you suspect a compromise.

Use encryption and VPNs

Data is encrypted so that only those with the proper access may decipher it. Encryption can safeguard your data both in transit, for example when you send an email or surf the internet, and at rest, when you store files on your device or in the cloud. Virtual private networks, or VPNs, are services that establish a safe connection between your device and a distant server while concealing your IP address and location from prying eyes.

Avoid phishing and malware

Phishing is a sort of cyberattack that uses phony emails, websites, or messages to convince you to divulge your personal or financial information or click on nefarious links or files. To avoid phishing and malware, always verify the sender’s address, the subject line, and the body of any strange emails or messages before opening them or clicking any links. Additionally, use antivirus software and keep it up to date.


Be careful with social media and public Wi-Fi

If you reveal too much personal information or post something that can jeopardize your security or privacy, social media sites could become a source of data breaches. Regularly check your privacy settings, and restrict who may read your posts and profile. You should also avoid using public Wi-Fi networks without a VPN, since they are vulnerable to hacking and third-party surveillance.

Educate yourself and others

Knowing the dangers and the best ways to secure yourself and your data is the greatest method to stop data breaches. You should also spread the word about the value of data security and privacy to those who are close to you, including your family, friends, coworkers, and employees.

In conversation: Facebook, data sovereignty, and why GDPR is flawed
https://dataconomy.ru/2021/11/25/conversation-facebook-data-sovereignty-gdpr-flawed/
Thu, 25 Nov 2021 11:26:56 +0000

In recent weeks, the topic of data privacy, data security, data sovereignty, and how social media platforms harvest and use our information has reared its head again. The most recent Facebook whistleblower divulged how the platform knows it is responsible for helping to create divisions through its algorithm, which uses our data to deliver that content, yet ignores this because acting on it is not good for business.

The latest revelation brings back memories of Brittany Kaiser. She caused a global stir when she explained how Cambridge Analytica leveraged our data to help change hearts and minds during Donald Trump’s presidential campaign.

Data sovereignty became more crucial than ever after her revelations, further explained in the documentary The Great Hack. One organization, polypoly, wants to change the way we use our information and give us back control. And it believes that EU citizens can be the first to gain absolute command over their data. 

At the beginning of 2019, I founded polypoly.eu, intending to restore sovereignty over digital data for everyone and thus support European data capital flow to local markets. Rather than being mere data providers, members of Polypoly cooperatives co-own the same underlying technology: the polyPod.

Julio Santos, the technical cofounder of Fractal – creators of the Fractal Protocol, which it says will enable radical markets for data and help keep the web open and accessible for everyone – spoke with me recently to understand how we might be able to regain control of our information.

Beginning with research

Santos:

Let’s talk a bit about polypoly. When did you start it? And what have you built so far? What can people already do with it?

Dittmar:

So the research started around five or six years ago. We did the research upfront and before we founded the company. Therefore, the main message when we launched was, “we know how to fix it right now because we’ve done the research.” 

Ultimately, this is not only a technical problem. The whole data privacy issue is partly a technical problem, but it has to do with economic incentives. It has to do with our laws, so it’s a multi-dimensional predicament. 

One aspect was, of course, how to build a company that others cannot take over or threaten; A system that is so rock solid nobody can harm it. And then, of course, we also built the prototype – the first version of the polyPod and the first version of the polyPedia. With the polyPod, if you download it today, it lets you look behind the scenes of the data economy. The polyPod that is out there today is a front end for the polyPedia. The polyPedia is a system where we store all information about companies acting within the data economy. 

One of the most critical aspects of that ecosystem is trust, and trust is something you have to earn. And so, the first iteration we made cannot harm you at all because none of your data is involved. We will show you that we know what we’re talking about. And then the second version, which is coming very soon, is then about downloading your data from organizations such as Facebook and showing the context in which the data is stored. So, if you’re in Germany, it means you have a contract with Facebook Ireland, and those laws are in charge. We can show clearly that this is your data, stored on their systems, and what that means.

Data sovereignty and GDPR

Santos:

Interesting. So it’s kind of like mapping your data, what they store, who else can see it, your rights, and what regulations are involved. It’s a complete view of what’s going on.

Dittmar:

Correct. In the EU, GDPR is a right, but it’s not easy to administer. And a law or right you have which you cannot execute is no right at all. And so, we have to make it easier for people to understand what’s going on with their data. 

So why can it be harmful that somebody knows your location data? One of the biggest problems we have in the whole data economy is an entirely abstract threat model for people who have not studied computer science. Nobody can understand what it means when somebody knows my location data or what can be done with pictures. For example, if you’re posting an image, the social media platform can use this photo to find out what kind of trademarks you’re using; a Boss t-shirt or furniture from Ikea. That is then giving these people insight into your estimated earnings and brand preferences. Worse still, all this is very intransparent.

Education and cooperatives

Santos:

I agree, education is vital and is the only way that we get to make people aware of what it is that is going on. Because if they’re going to have an impact and have a voice, they first need to understand this landscape, and it’s deliberately opaque. So it’s not exactly easy to understand without help. I’ve seen that polypoly consists of three linked organizations. So you’ve got the cooperative, the enterprise, and the foundation. Can you give us an overview of why these three organizations exist and what the relationship between them is?

Dittmar:

The foundation is there to build co-ops. The company is incorporated as an SCE, and that means this is a Pan-European cooperative. You can only become a member of a co-op if you are a European citizen. This is for a simple reason. If you have foreigners as members, for example, if you have US citizens as members of a European co-op, it can happen that the co-op will be in front of a court in New York City. So the co-ops are acting as a legal fortress for the local citizens. 

That means we have to build, sooner or later, co-ops in other parts of the world. We are currently discussing with people from Canada, the US, and India to build co-ops there. And that’s the role of the foundation – to create these co-ops everywhere. It’s a kind of incubator for local co-ops. The critical aspect of keeping co-ops local is simple. One is making sure that in the data economy, organizations will pay taxes locally. When your data generates money, the associated taxes are invested in your community and not somewhere else. And secondly, for you as a local citizen, only your law should be applied. International law is untenable for noncitizens. So we have to make sure that everything will happen locally. That’s the reason we have the foundation and the co-ops in all the different countries.

Santos: 

I was looking at your website, and I believe now I was looking at the cooperative website. It’s very Europe-centric, so I was going to ask why? I guess the answer is that it’s what we’re starting with, right? It’s the first course.

Dittmar:

Yes. It is the first one, and it is made for Europeans. Nevertheless, the data economy market is global. So that means we have to build other co-ops, which will be owned by our citizens only in these countries. That means the core is 100% owned by the users, but the local users take care of their rights and opinions. So, if the European users want to go in that direction, but the Americans want to go in that other direction, that’s fine. We are not so arrogant to think what is right in Europe is suitable for every other country. And so all the local co-ops have the opportunity to adapt the system to the local culture and law, but the interfaces are still the same. 

A company that wants to use this decentralized data network will find a global network of interfaces or ports that use precisely the same interface but always use a local adaptation. There is no data without economies, so the enterprise is serving the economy. We’re building tools to find an easy way from a centralized data economy to decentralized data. The enterprise is financed by the economy, and the users fund the co-op. So if you imagine we have nowadays, I would guess, some 100 million Facebook users in Europe. If just 1% of these Europeans would join the European co-op and buy one share, that would be powerful; owned by the users, financed by the users, founded by the users, and funded by the users.

Santos:

Understood. You talk a lot about data unions, and that’s what a co-op is in this context, right? You’re already thinking of more than one co-op, a European co-op, and then maybe you have an American co-op. Do you believe that there is room for multiple European cooperatives in which they compete for user attention by saying, “this is how we handle your data; we do things a little bit differently,” and then you aggregate people based on these preferences?

Dittmar:

Competition is an essential part of our economic system. So yes, there should be, and there is competition. I guess the only thing that is very important here is that interoperability is always in place. There is an excellent organization called MyData Global, which builds standards for handling personal data. And there are already a lot of companies that are part of that organization, and all of them have signed an agreement that they will make sure that it is straightforward for the user to transfer data from one potential solution to the next one. That’s a crucial aspect because you never know which answer is the right one. There must be lots of different players trying lots of other ideas, and then the user will decide what the right one for them is.

Portability and interoperability

Santos:

With a commitment to interoperability, you will allow those things to happen. You’re saying, as a company, we believe that we have the solution for this, but we also may not. And perhaps the answer is to ask somebody else, so this interoperability, this portability of data, becomes essential.

Dittmar:

What we would like to be in the future is something like the public water supply for data. So, we are taking care of the pipes in the earth, we are taking care that everything that’s in those pipes is clear water, and then others can use our infrastructure to create a water supply business. For example, when it comes to health data, we are not an expert in it. We are an expert in decentralized data systems. But there are experts out there, who maybe would like to use a decentralized solution, but have no clue how to build these kinds of technology. And so our role is to create the underlying infrastructure, and everybody else can sit on top of that and interact with the user. The idea of the polyPod is that it is extendable. Everybody can build features for the polyPod. If the user wants to have it, they can download that feature and use it or not, depending on whether the user likes that feature or trusts the supplier.

In the next part of the interview, in addition to going deeper on data sovereignty, I speak with Santos about Tim Berners-Lee’s Solid project, data income plans, and why it is vitally important to redress the balance of knowledge, to know as much about Mark Zuckerberg as his organization knows about us.

5 Risks of the Cloud’s Rapid Expansion https://dataconomy.ru/2021/09/21/5-risks-of-the-clouds-rapid-expansion/ Tue, 21 Sep 2021 15:02:06 +0000

Businesses across virtually every industry are rapidly adopting cloud service solutions. The global cloud computing market was worth an impressive $371.4 billion in 2020 and could more than double to $832.1 billion by 2025. Amid this rapid expansion, organizations must recognize this movement’s risks.

The cloud isn’t necessarily less secure than on-premises solutions, but it’s easy to make mistakes when focusing on rapid migration. In businesses’ enthusiasm to embrace the cloud, many overlook vital security considerations.

The cloud offers many benefits. One study of government agencies, for example, found that 13 of 16 agencies saved a total of $291 million by moving to the cloud. As more businesses recognize these advantages, more are accelerating their cloud adoption. But moving so quickly can also introduce several threats.

Here are five of the most prominent risks of rapid cloud expansion and how to address them.

Insufficient Access Management

Access management vulnerabilities are among the most common in cloud infrastructure. In the move to the cloud, businesses often make much of their data easily accessible from anywhere. While loose access management controls make it easier for employees to perform their jobs, they also make it easier for cybercriminals to get in.

As companies expand their cloud adoption, they should follow the principle of least privilege. Any given employee or program should only have access to the data they need for their regular work. Anything more than that could open the door to massive data breaches.

More reliable authentication methods are also crucial here. Passwords alone are insufficient, as 61% of data breaches in 2021 involved credentials. Multi-factor authentication (MFA) will help ensure remote users are who they say they are, preventing these attacks.

Cloud Service Misconfiguration

Another common issue rapid cloud expansion can introduce is misconfiguration. When organizations attempt to move to the cloud as quickly as possible, they often make mistakes when configuring their settings. Data breaches from these errors cost $3.86 million on average and are the third most common attack vector behind phishing and compromised credentials.

Thankfully, these vulnerabilities are fairly easy to prevent. Companies must double-check their cloud configurations before finalizing their move to the cloud. Default security settings, access management protocols, and authorizations are common areas for costly mistakes, so teams should pay special attention to them. Businesses can even find automated tools today that check for potential configuration errors.

Data Loss

Rapid cloud expansion can introduce risks beyond those stemming from cybercrime, too. Just as teams may misconfigure their cloud infrastructure, they could accidentally alter, delete, or restrict data while trying to migrate too quickly. This data loss requires no malicious party but can be just as impactful.

Glitches, messy database structure, and user error can lead to companies unintentionally deleting data or making it inaccessible. In all of these cases, the solution is the same: creating backups of all critical data.

Before transitioning to the cloud, companies should assess their data and create backups, starting with the most critical files. These backups should be offline and encrypted to keep them secure. Maintaining them after the move to the cloud can also help mitigate any future breaches.

Reliance on Built-In Security Tools

Organizations’ enthusiasm for the cloud can overshadow third parties’ lack of sufficient security infrastructure. As a result, businesses may move their data to a cloud service provider without understanding that provider’s vulnerabilities. Amazon Cloud Drive, for example, does not offer at-rest encryption, which some users may need.

Companies should understand that cloud providers’ built-in security solutions are often insufficient. Organizations should consider what security features are available and note what additional protections they may need when selecting a provider. Many may need to manually adjust their security settings or supplement their security with services from a dedicated cybersecurity provider.

DDoS Attacks

As businesses’ cloud workloads expand, they become more susceptible to distributed denial-of-service (DDoS) attacks. In these attacks, cybercriminals overload an organization’s cloud infrastructure, disrupting workflows and preventing users from accessing what they need. With more applications running on the cloud, cybercriminals have more to gain from DDoS attacks.

DDoS attacks have grown in both frequency and size. They rose 39% between 2018 and 2019, with attacks between 100 and 400 Gbps increasing 776%. When businesses rapidly expand their cloud infrastructure without scaling up security, they become more vulnerable to this trend.

Companies can prevent DDoS attacks through continuous monitoring. Intrusion detection systems can look for unusual network traffic, adjust network packets, and block suspicious activity to keep operations running smoothly. Better cloud architecture, including geographically distributed data centers and redundant network resources, can help further by reducing these attacks’ chances of success.

Expand Safely

Embracing the cloud doesn’t inherently mean embracing risk. If organizations understand what threats can emerge in rapid migration and take steps to mitigate them, they can safely enjoy all the cloud has to offer.

Slower, more thoughtful cloud migration can ensure companies experience the cloud’s benefits without sacrificing security. Before expanding their cloud infrastructure, businesses should look for these risks within their operations and work to prevent them.

Convenience over common sense: The security dilemma of smart home devices https://dataconomy.ru/2021/07/22/security-dilemma-smart-home-devices/ Thu, 22 Jul 2021 10:26:24 +0000

Smart home devices are used to monitor or control the environment in our homes. These marvels of technology make life easier by handling changes in temperature, lighting, entertainment systems, and other appliances. But while they’re the height of convenience, we can’t ignore the security nightmare being created by their use.

So how smart is it to connect all the appliances, even alarm and security systems, to the internet? We do not have standardized security measures for the devices that are making their way into our homes, yet the convenience they offer often outweighs the application of common sense. With every additional smart device in a home’s network, the system becomes more complex and more at risk.

The smart home device market has grown immensely, and there are 258 million smart households worldwide. However, 40.8% of these households have at least one smart device vulnerable to cyber attacks. In an increasingly online world, where our homes are the center of our work and private lives, data privacy and security are crucial.

What are smart devices, and when did they come into our lives?

We can trace smart devices back to the early 1900s. With the evolution of technology, the definition of what makes a smart device has changed. You could even argue that the very first vacuum cleaner in 1905 was a smart device for its time.

The first device that fits today’s understanding of smart home technology was the Echo IV in 1966. This machine took up enough space to fill an entire room, but it performed most of the features that smart devices today are capable of. Echo IV could control the air conditioning, TV, and keep track of things for you.

Of course, today, we can fit an Echo IV in the palm of our hands, with wireless internet, Bluetooth, cameras, and processors that have 25,000 times the clock speed of that home automation pioneer. Switching on your TV is expected; today, we talk to speakers that do your online shopping, schedule your tasks, and even help conserve resources like electricity and water.

Where is the security risk?

When looking at convenience and accessibility, smart homes seem to be the obvious answer. You can control your home’s appliances, your locks and alarms, lighting, and heating, all from a single tablet or smartphone. These technologies have proven that they are helpful, and we know that they have become increasingly affordable.

The risk comes in when we realize that our cybersecurity measures have not improved at the same pace. Smart home security systems often have cameras connected to the internet that are installed to keep your home safe but are vulnerable to hackers. The same smart security system can be manipulated by a third party to breach your privacy.

For example, the use of smart locks on external doors raises many questions. A skilled hacker can easily breach them, and a brilliant one can hide their nefarious activities. And while the common counter-argument is that crooks can pick locks and doors can be broken open anyway, both activities leave physical evidence, something insurance companies typically require before they will pay out on a claim. However, that’s changing.

Some insurance companies are offering discounts for consumers with smart security systems. Smart sensors, locks, and thermostats can lower your premiums if your home insurance provider has decided to embrace home automation systems. While there are definitive pros to installing these devices, other than the financial incentive – such as faster fire detection and guest access when you’re unavailable to let people in – you can’t ignore the security issues. The insurance industry has not standardized or decided on its approach, so it’s essential to research this aspect carefully.

Voice assistants by Amazon, Google, Microsoft, and Apple are also risks for our data privacy. They accidentally activate several times a day and record audio (even if you are not directly speaking to the device). The shocker here is that most of the audio that the voice assistant records is stored on company databases. Human workers review these recordings in the process of improving the device.

While the companies make assurances that the recordings are not stored in correlation with the user and that all the voice data is kept confidential, it is disturbing to come to terms with the idea that people listen to what we say to our devices. This is a hole in the privacy of our homes, and it is something to be wary of. 

All the instructions you give your voice assistant, like home address, financial details, and information that may have been accidentally recorded, are stored with the device manufacturer. With the merging of workplace and residence during the pandemic, a significant amount of potentially confidential data is at risk because of these smart devices. Thankfully, there are a few settings that you can change to delete your recordings or opt out of having a human review your recordings.

How do we keep our systems secure?

With the overwhelming information indicating that our convenience comes at the cost of our privacy, the next question is how to protect our data. Data privacy and security need to be prioritized as we further delve into the digital space, with information being collected and analyzed from every part of our lives. 

Before buying any smart device, read reviews that focus on the product’s security and what data is recorded and stored. Independent reviews of the product will help understand what the risks are. A few general searches for “smart home security” and “smart device security teardown” will deliver articles that help understand the risks of owning a smart device. 

In-depth vulnerability services like IoT Inspector and others exist, but at present they focus on organizations, so they’re expensive for the average homeowner. They are still worth considering if the cost is a small percentage of the potential loss. Employing a white hat hacking company is also an option for complex smart home setups.

If you intend to add smart devices to your home network, it is vital to use strong passwords and have different passwords for each device. A password manager like Dashlane can come in handy by generating and saving the passwords. This is one step towards securing private information. Another layer of security would be to separate the smart device network from your regular usage network. These steps are a few of the ways that you may take charge of your smart device security.

Smart homes become more commonplace with time; this is not something that will change. What we do have the power to change is our smart device security. Hopefully, we can move towards a future where convenience and privacy do not come at the cost of the other.

In Pod we trust: towards a transparent data economy https://dataconomy.ru/2020/12/17/in-pod-we-trust-transparent-data-economy/ Thu, 17 Dec 2020 17:07:27 +0000

polypoly Cooperative publishes a technical white paper featuring its core technology, the polyPod. The cooperative is the first of its kind: A pan-European data cooperative in which shareholder-members own and profit from the underlying technology. Download now!

Things are totally out of control. We don’t know who has our data, what they have, and with whom they share it, nor for what purpose it is used, or for how long it is stored. Our data is repeatedly collected and processed by governments, private companies, and other organisations – often without our consent. Sometimes our data is even used against us. 

We founded polypoly as a countermeasure to this; to build a solution that will return control of our data back to us. We will decide who can use our data and for which purposes. We will define the rules. There’s no going back. 

This paper provides a high-level overview of one part of our technical solution: The polyPod. It introduces fundamental characteristics, technical decisions we have made – along with our reasoning – as well as some aspects we have not yet addressed. The core objectives of this paper are to set the stage for future white papers, which will cover each point in more detail, and to develop a clearer picture of what we are building. 

The current data economy suffers from severe problems resulting in an imbalance of power among market forces.

But the situation is greatly impacted by how technology is learned and perceived. The misuse of personal data almost always has an economic origin, and mainly affects people without deep technical understanding. 

This is manifested by two symptoms: 

There is no human-intuitive grasp of what technology does with our data. What computers do and don’t do is increasingly opaque and has very little bearing on how people handle things without computers. Paying with cash in a supermarket is fundamentally different from paying online with a credit card: The former is usually anonymous while the latter creates a surprisingly detailed data trail. 

The current implementations of technology are based on the notion that data is easily copied and computed, and aim to extract the maximum value from those operations. This sets improper economic incentives and thus rewards privacy-harming behaviour. Building a privacy-friendly and GDPR-compliant system currently means extra costs that generate no immediate value to a company, and can even put them at a competitive disadvantage. 

It follows that in order to properly address these symptoms, a two-pronged approach is necessary: 

Technology should extend our natural behaviour to the digital world, but not change it. And where that is not possible, at least the impact of technology must be easier to understand. It is important that everyone has an informed notion of what a machine will do based on their choices.

The underlying economy and technical infrastructure need to reward privacy-friendly behaviour instead of punishing it.

A cooperative model for data tech

The polyPod is owned and developed by the polypoly Cooperative. It not only enables its members to participate in the profits generated using their personal data, but also makes them co-owners of the underlying technology – the polyPod. Each member has one vote and can participate in important decisions made by the cooperative. The polypoly Cooperative turns stakeholders into shareholders – those who were formerly data suppliers without influence, into owners with co-determination rights. This means that every member is also entitled to a share of the dividend, which is always paid out at the end of the financial year.  

As with all other polyPod users, access to the personal data of cooperative members is decided by the members themselves. To whom access is granted, and in exchange for what – a payment, for example, or a donation to public interest projects or research – also rests with the individual. The polypoly Cooperative always receives a small percentage, which is reinvested in the development and operation of the necessary infrastructure or distributed to all members via the dividend.

The polypoly Cooperative is fully chartered and accepting new members from today.

WHITE PAPER AUTHORS

MAIN Christian Buggedei, Felix Dahlke • CONTRIBUTORS Jacek Bilski, Oliver Tigges, Thorsten Dittmar, Lars Eilebrecht, Lars Hupel, Mira Mezini, Oliver Tigges • EDITORS Laird Brown, Nils Loeber, Sabine Seymour 

Three VPN use cases you should know about https://dataconomy.ru/2020/02/19/three-vpn-use-cases-you-should-know-about/ Wed, 19 Feb 2020 14:54:58 +0000

What is a VPN? How is it used? Why is it needed now more than ever before? Read on.

Do you want to protect your online identity, stay safe on public wifi or bypass censorship on the internet? Then this article is for you.

First, a little background on how the internet world works: Your public IP address is discoverable by browsers, websites, service providers, and other devices. This opens the door for your privacy to be compromised. It can also mean that sensitive information falls into malicious hands. When you use a VPN, the address displayed is not your public IP address but that of the VPN server that all of your internet activity is routed through. This VPN server could be located anywhere in the world, which makes it impossible for those interested to find out your true location, let alone any personal information.

Moreover, VPNs have lists of countries; after you select one, you appear to be using the internet not from your actual location, but from the location of the virtual server. VPNs secure and protect your online identity. Most of the trusted VPN service providers use the latest encryption keys to hide your data from anyone trying to spy on your digital lifestyle. If servers are not obfuscated, however, your ISP can see that you are using a VPN, but it cannot decipher the contents of your internet traffic. This means your ISP cannot see anything you do while you are connected.

The Virtual Private Network (VPN) Market is projected to grow at a CAGR of 6.39% to reach US$50.153 billion by 2024, from US$34.591 billion in 2018.

The demand for VPNs will grow on account of the increasing cybercrime issues, as VPNs provide a secure and private network for individuals to access. In addition to this, many online services are acquiring VPN service providers to provide their own VPN services to users. However, since VPNs carry data to a different server before taking the user to the desired webpage, they witness some performance and speed issues, which restrains the demand for these services during the forecasted period.

Here is a look at three VPN use cases you should know about. 

1. Bypass Geo-Restriction

Geo-restriction or geo-blocking is a method to restrict or limit access of specified content based on the user’s geographic location. Average internet users usually encounter geo-restrictions on a daily basis while trying to access streaming platforms as they allow different content for different countries. Additionally, governments implement geo-restriction technologies to block sites or specific online services.

How does geo-blocking work? All of your devices on the internet have their unique series of numbers called an Internet Protocol address (known as ‘IP address’). Your laptop, phone, and each device connected to the internet have IPs, which are provided by your internet service provider (ISP). Therefore, your ISP knows your IP address. When you visit a website, the IP address of your network is sent to the server so it knows where it has to send the content.

Although your IP address is not significant on its own, specialized software makes it possible to track your online behavior effortlessly and monitor which websites you visit and when. Also, to some extent, it is possible to know the geographical location of your device. This is how a site ‘knows’ from which country you are accessing it. Then, website administrators apply geo-blocking based on this information. Moreover, geo-blocking applies when traveling, meaning that if you are an American visiting France, you will only access the content available in France.

Is bypassing geo-blocking legal? The legality of getting around geo-restrictions is unclear and varies by country. In the European Union, some forms of geo-blocking are illegal. Companies are not allowed to discriminate against consumers based on their location for online sales of specific services.

However, streaming platforms, such as Netflix, claim that bypassing geo-blocking can be considered a violation of copyright and licensing regulations. They also justify the use of methods to detect and block various anonymizer services, like VPNs.

There are tools to get around geo-restrictions; VPNs are the most common and, usually, easy to use for a less tech-savvy audience. While using a VPN service, you can quickly change your location and have unrestricted and fast access to any website. You can choose your desired location, or let us offer an optimal choice for you.

A local VPN server represents a private, controlled network. It creates a virtual tunnel, where your data is encrypted so that no one can track or monitor your online activities.

A VPN masks your actual IP address and allocates you one from your chosen country. For instance, if you are in the USA, you can quickly select a remote VPN server in Japan, and the website will think you are accessing it from Japan.

VPNs also help to bypass government-induced censorship. In this case, VPNs not only help to achieve internet freedom but also – to fully secure your data from the prying eyes of snoopers.

2. Avoid Government Censorship

Internet censorship is a process of blocking, limiting, filtering or manipulating internet content in any way. It is a method of suppression used by the governments which control what can be accessed, published or viewed online. Although censorship might seem like something done by oppressive governments, the scope of it has been increasing alarmingly in many democratic countries. More than 60 countries engage in some form of state-sponsored censorship.

Restrictions and manipulations range from limiting access to digital content (such as movies, series or music) and blocking certain websites or services (Skype, Telegram, WhatsApp, YouTube, Netflix, etc.) to filtering information perceived as unwanted (for instance, opposing the government in any way).

Who is usually affected by internet censorship? Various attempts to tighten internet control and crack down on online freedom have a harmful impact on journalists, human rights activists, marginalized communities, as well as ordinary internet users, who want to access information or services online.

Why do governments engage in various forms of internet censorship? The intents vary. It can be done to spread the government’s views and particular agendas, and to stop government critics and various opposing views.

There are a few methods to surf the internet without borders. A VPN (a virtual private network) is a robust tool to access free information online. Also, it is safe, because it hides your online activities from the censors.

3. Stay Safe on Public Wi-Fi

Public WiFi can be a goldmine for dangerous lurkers posing security threats. It’s convenient yet dangerous to use while traveling or dining out in the city.

All the traffic within a public WiFi network is usually unsecured, meaning it does not use proper encryption to protect your internet data. Your sensitive information sent via an unsecured WiFi network (such as credit card numbers, passwords, chat messages) becomes an easy target for hackers. 

When it comes to stealing your data, hackers get quite creative. One of the ways they attack is called man-in-the-middle (MITM). Cybercriminals will create their own fake public network. In most cases, the name will be similar to the name of a nearby place with access to a public network (like a restaurant or hotel). Then, hackers will snoop on your private information and target data on your devices.

On top of that, hackers can install packet sniffing software. It is particularly dangerous because it records massive amounts of data which later can be processed on their demand.

Be aware that there are many other ways to undermine your privacy while you’re connected to a public WiFi. The internet is full of video tutorials and step-by-step guides on how to hack someone’s computer over a WiFi network.

All of the WiFi networks are vulnerable to hacking. If you are not alone using the network, chances are someone is spying on your online activities. At best it is your ISP, at worst – scammers lurking for your passwords, bank account details or other sensitive information.

In 2017, Belgian researchers discovered that the WPA2 protocol used by the vast majority of WiFi networks is unsafe.

According to the report, the WPA2 protocol can be broken using novel attacks potentially exposing personal data.

The vulnerability can affect a broad range of operating systems and devices – including Android, Apple, Windows, Linux, OpenBSD, MediaTek, etc. Basically, if you have a device that connects to WiFi, it can be affected. The situation is a little different in the European Union since the General Data Protection Regulation (GDPR) took effect. ISPs processing Europeans’ data must be compliant with the GDPR. They have to make sure they store personal data only with consent and when it’s not linkable to an individual.

What can you do to protect your online identity? Use a VPN. It is the best option to shield your private information from cybercriminals. If you are connected to a VPN, your connection is secure even if you’re on a public WiFi hotspot.

How To Stop Data Breaches From Ruining Your Business https://dataconomy.ru/2017/06/30/stop-data-breach-business/ Fri, 30 Jun 2017 09:00:55 +0000

Data breaches are in the news all the time. It seems like you can’t go anywhere and swipe your credit card these days without receiving word your information may have been stolen. In typical data breaches where credit card info is stolen, customers have a fair amount of protection through their banks and credit card companies. But what happens if someone steals your medical information? Businesses that deal with sensitive information have to take serious precautions to prevent data breaches, and in the event their efforts are unsuccessful, the onus is on the company to pay to have the data breach cleaned up regardless of the source.

Third parties are responsible for the overwhelming majority of data breaches these days – 63%. Remember that massive Target data breach from a couple of years ago? It ended up being traced back to faulty printer software. The company that supplied the printers wasn’t responsible for the breach, however – Target was, and it cost them plenty both in dollars and in reputational damage.

So how do you prevent third parties from damaging your company’s bottom line or reputation? Always check them out to ensure they are compliant with any standards in your industry. The cost of cleaning up data breaches varies widely based on the sector, and medical records can cost as much as $355 for each record breached to clean up. The way to prevent this from happening is to ensure the company you are contracting with for business is certified compliant in HIPAA – not just that they say they are HIPAA compliant, but that they are actually certified as such.

There are various forms of certification based on each field, so no matter what sector your business is in you can find a third-party vendor who is certified to prevent data breaches and other issues. Learn more about third party data breaches and how to prevent them from this infographic.

“You can’t stop the device from getting hacked, you have to defend your data” – A Primer with Kevin Mahaffey https://dataconomy.ru/2016/11/28/cybersecurity-kevin-mahaffey-lookout/ Mon, 28 Nov 2016 08:00:41 +0000

Kevin Mahaffey is an entrepreneur, investor and engineer with a background in cybersecurity, mobile and machine intelligence. He is CTO and Founder of Lookout, a cybersecurity company dedicated to making the world more secure and trustworthy as it becomes more connected, starting with smartphones and tablets. He started building software when he was 8 years old and it has been a love affair ever since. Mahaffey is a frequent speaker on security, privacy, mobile and other topics.

 


Tell us a little bit about yourself and about Lookout

I am Kevin Mahaffey, I’m the founder and CTO of Lookout. We are a cyber security company focused on mobile.

I like fixing problems. The company started in 2007 and actually myself and the other two co-founders were doing research into mobile phone security and we got our hands on a Nokia 6310i, you know, black and white screen, had snake the game on it, and this phone was notable to us because it had Bluetooth on it. We found actually some pretty bad security vulnerabilities on that device. You could hack into it and reboot it. And we looked on a whole bunch of other devices and we found similar vulnerabilities in almost every phone we ever touched. And we tried to work with all the different manufacturers, everyone from Blackberry to LG to Nokia in this case and nobody really took security very seriously because the question was why would anyone wanna hack a phone? This is in 2004 mind you. And one of the other excuses was, well the range of Bluetooth is only 10 meters so you had to be really close to someone.

And so Bluesniper was created to extend the range of Bluetooth to 1.2 miles away. And in doing so we proved that you could actually hack a phone from really far away. We thought that this is maybe something we’d talk about at some technical security conference but we were surprised to be on the front page of the business section of the Wall Street Journal of the NY Times, so we thought “this is a big problem that we can solve”. So we said ok let’s start a company to solve the problem and in 2007 we started Lookout to build software to protect both individuals and businesses from cyber threats on their mobile phone.

What makes you want to hack things?

Hacking is not like we see in the movies. The way a system does work is different than the way it was designed to work. And they surface that. Good hackers, people who want to make things better, when they find a way to manipulate a system in a way that wasn’t intended they try to get it fixed.

Where is the company’s HQ located and why?

We are based in California, San Francisco, and we have offices in Europe and Asia. The reason we are all over the world is because this is a global problem. Mobile security doesn’t affect only one country but every person on the planet. From individuals who’re using their phones for online purchases to large companies who’re using mobiles to run their businesses to manufacturers.

We started in LA and in 2009 we moved to San Francisco because Google and Apple became big in mobile.

Are you going to stick to phones? Or you have plans for other devices, such as cars?

We don’t have any products in that space, [car security etc], I’m not sure if we will ever have a product for cars but the passion of everyone in the company is [understanding] how to make the world a safer place and sometimes that means releasing a product, sometimes it means doing and publishing research. And if there is a product that is needed, we go build it. IoT security needs to be taken very seriously. However, we are focused on mobile right now. We’re focused on one problem at a time.

Can you also hack an offline network?

Most people are focused on how to secure a network. How to stop bad things from happening. But if you think of your body, your immune system doesn’t work that way. And most networks are architected to assume you can block those things. But nowadays you can’t control what’s in your network anymore. So a lot of companies are getting breached every day, and usually by someone inside their network, they use some valid credentials to access the data that they shouldn’t, and that’s a really big problem. So we advocate for this concept of the immune system where you gather data, preferably no personally identifiable data to know how things are working, everything from your smartphones to laptops, then you process that data and analyse it to find indicators of a threat and sometimes you can automatically respond, or sometimes you need to escalate to some smart human in a security team to think about it some more and decide what to do. But this is very different than stumbling upon a hack because they take out your internet connection for taking so much data from the company, sometimes that’s how you discover a hack.

What kind of advancements do you see happening in the future for your company and in the world?

So right now a lot of individuals use Lookout. The big course for us right now is helping large companies and governments secure their mobile devices because 3-4 years ago people could get email (if that) on their phones. Basically everything you can do on your PC most organisations started to be able to access from a smartphone or tablet. But the organisations don’t have any idea what’s going on on these devices right now. So we see a lot of demand on that. How to secure these devices. We look at a modern way to stop advanced threats that it’s not just signature based to stop attacks on mobile.

And do you see this happening in general?

Everyone is moving towards data security. Some companies are building their own software and they’re very far down on that road, other companies are just starting to get there. But it’s not the device, it’s the data. You can’t stop the device from getting hacked, you have to defend your data and you have to respond to threats and hope they never happen. Those two principles are really coming forward. Unfortunately it means a lot of organisations have to rip out some things and replace some things but I think it’ll make companies and people more secure because when companies are more secure, as an individual your data will be breached less often.

What are some key hurdles in the industry that you’re experiencing and how do you see data science applications solving this problem?

The hurdle is there’s too much data in security or not enough data. In the case of not enough data, many security organisations apply. You can ask any given system, what is the data that will show the hacker gets in. And if you don’t have data coming from that system, then you’re never gonna know that the hacker gets in. Other times you have so much data that it is not very useful and you don’t know what to do with it. So you have to set the security teams that are drowning in alerts. They’re so busy that they can’t focus on the really important threats. And what I have to see is machine learning emerging to actually help with these issues.

First there are organisations stitching together the data. So instead of a bunch of isolated data streams we use the phrase joined-in and analyse it. Joined-in is where you take your source code data and mash it with your vacation data so if an engineer checks in for threat indications that’s actually something you wanna look at. But if you only look at source data you’ll never be able to make that conclusion. And analyse it means to look deeper and extract more information. And then, using machine learning to take that huge volume of information and funnel it down to a simple message which says, okay, here are the things that humans need to look at and here are the things that humans don’t need to look at and we know how to deal with it. We can automate responses, cut the device from the network etc. Ultimately humans can only make so many decisions per hour and we have more and more connected things in the world and so if we try to add those things and do the security the same way we did in the past, we’re gonna lose.

What are the possibilities and benefits of using data science in cyber security?

[Using data science] I think security teams will get more sleep, companies will be more secure, hacked less frequently, and individuals will see their data be more protected.

When did you notice that things started to take off?

When we started the company we were securing Windows Mobile smartphones. And projections for how many smartphones there will be in 2017 were very few. So when we went to investors they were like ‘oh yeah the smartphone market is not very big one’. And now there’s a billion smartphones shipped every year and what changed was iPhone and Android launched and that made smartphones easy and fun to use and then at the same time you had 3G and now 4G networks and made the data connection very fast. And the growth of Android and iPhone helped business to grow because it turns out everyone is using smartphones personally. And more recently they started to use them more for work and we’re using things for data, for shopping and for sensitive business data that attract hackers.

So if you could tackle any technology that exists today to solve a challenge, which would it be?

I think there’s still a lot of misinformation around machine learning and big data systems, I think a lot of people believe that you can just apply machine learning to data and magic happens and problem solved. It’s not true. Machine learning is something that can be a good classifier, can detect anomalies; in some cases it’s not just machine learning, it’s what we call a cyborg. It’s machines doing one thing and humans doing another and find the right handoffs approach so that they can operate together.

 


Image: James Case, CC BY 2.0

Are Consumers Accepting Data Breaches as the New Normal? https://dataconomy.ru/2016/11/10/data-breaches-new-normal/ Thu, 10 Nov 2016 08:00:30 +0000

Today, we’re more connected than ever thanks to the prevalence of smartphones in our lives, and their integration with Cloud services. This comes at a cost, however. With so much of our personal information online, data breaches are becoming more common.

So what exactly is a data breach? In essence, it is an incident where an unauthorized person gains access to sensitive or confidential information. This may include personal health information, personally identifiable information or trade secrets. Many people have experienced this in the form of stolen credit card numbers or even hacked social media accounts. It has become very common in the United States. In fact, in 2015 alone there was a total of 781, an 8.1 increase from 2014. The most common causes of data breaches are:

  • Hacking
  • Employee error/negligence
  • Email/Internet exposure

Targets and Consequences

One of the most notable examples of a large-scale data breach is the 2013 Target hack where cybercriminals were able to steal the identity of millions of customers. While not necessarily unique – other retail stores have experienced data breaches as well – what happened after did surprise many as a class action lawsuit made it to courts and required Target to pay consumers who had experienced credit card theft. This set a new precedent for lawsuits against retailers who experience a data breach.

The IRS is a constant target for criminals and in 2016 hackers were able to get a hold of their transcripts, compromising the information for 100,000 taxpayers. One can operate under the assumption that due to the high-value data they contain, government databases are going to be future targets.

Retail stores and government agencies aren’t the only targets, as evidenced by the data breach of the University of Florida. Hackers gained access to thousands of names, social security numbers and ID numbers of the students and professors. Wherever data is being held, hackers will try to find a way in.

For retail stores, a data breach could spell doom. It turns out 65 percent of consumers are unlikely to do business with a store after a breach, leading to a loss of profits. As data breaches increase, banks and other companies have put more safeguards in place to protect people’s identity such as chip-enhanced cards and adoption of Apple Pay and Google Wallet.

Of course, even with the additional security layers, there’s still potential for identity theft as hackers become more sophisticated. For contactless payment in general, security experts note that while RFID and NFC offer good cryptographic protection, most deployments use proprietary technology, opening up phones and payments to new insecurities.

Have Consumers Become Complacent?

Despite the uptick in data breaches, many consumers seem to take data breaches in stride. Does it mean they have gotten used to the idea? The fact that consumers are less likely to do business with stores that have been compromised shows that isn’t necessarily the case. So why do they appear unconcerned? There are a couple of reasons:

  • Many consumers do not believe it will happen to them.
  • Some argue that consumers are suffering from data breach fatigue, a condition where they ignore or minimize the consequences of having their information compromised. As many as 32 percent of consumers ignore data breach notices. Of those that do read the notice, more than 50 percent take no action to protect themselves. However, opinions differ, as evidenced in this survey by Experian, which suggests that consumers do not react as much to data breach notices, because they have already taken cautionary steps.

Across the board, consumers demand more privacy and protection but are unwilling to use privacy enhancing systems such as Virtual Private Networks or in some cases even basic security software. Of course, even if they take measures to protect their information, if the business’s own security is compromised, no measures the consumer takes on their end will keep their information safe.

For this reason, many consumers have simply accepted that a data breach will happen at some point. Unfortunately, this acceptance makes it easier for hackers. If consumers stop reporting, companies will not know of any security issues and some may even stop caring about cybersecurity. This will eventually embolden more hackers to attempt data breaches as they are less likely to suffer repercussions for their actions. This is a downward spiral that can get dangerous quickly.

For many consumers, data breaches have become the new normal and, for the most part, many do not suffer any major consequences. In fact, it is the company who experienced the breach that bears the brunt of the financial burden. Still, there are very serious drawbacks for consumers such as a potentially damaged credit history or maxed out medical coverage. Therefore, it’s important for both businesses and consumers to take the necessary precautions to reduce the opportunities for identity theft.

What steps do you take to protect your identity? Is this an issue you are concerned about? Tell us in the comments below.

 


Image: Kaleb Nyquist

Winning the Cyber War? https://dataconomy.ru/2015/07/13/winning-the-cyber-war/ Mon, 13 Jul 2015 14:51:10 +0000

The Cyber-Security War

For those of you who don’t know yet, the world is currently engaged in a massive global technological war over access to everything stored online. On one side we have regular internet users (or targets), who consist of large corporations, governments, small businesses and consumers like us all. On the other side we have the anonymous cyber-criminals (or hackers) who are intent on stealing all our online assets and confidential information for their own nefarious purposes. This war started in the mid-90’s with the creation of the internet and has now spread to every corner of the globe that the internet touches. Unfortunately the growth of the internet has corresponded to an even larger growth in cyber-crime and it is now the hackers who hold a massive and unfair advantage. As with all wars, the cyber-war will ultimately be won on strategy and resources. It is obvious that we desperately need new strategies and resources to reverse the current course of the war in our favor. However we should first ask ourselves if this cyber-war is actually winnable? And if not then what are the consequences and stakes for us as losers? And if the war is winnable how can we achieve this seemingly unlikely scenario?

Scope of the War

In this modern digital age all of our important financial, technical, business and personal information is increasingly being stored on a plethora of online servers around the world. With growing use of cloud and mobile services we have never been more exposed and vulnerable to online hacking. Conversely hackers have never been so powerful, organized, well-funded and dangerous. The ever-growing consumer demand for fast, convenient access to internet data from anywhere in the world is now playing into the hands of the hackers. In fact there is now very little confidential or personal data anywhere in the world that is inaccessible via the internet.

In 2014 cyber-criminals stole more than US $110 billion in currency funds and credit card fraud alone[1]. Moreover they caused in excess of $440 billion in ongoing damages and liabilities via trade / IP theft[2]. Although the main targets are large enterprises, governments, major retailers and banks, it is consumers who ultimately pay much of the damages via higher pricing and additional fees (average ~ $300 per year). Furthermore identity theft is becoming a major problem for all consumers facing a battery of malware, viruses, worms, phishes and spyware every day. Ultimately all personal data is at stake and it is simply a matter of time until we all get affected by cyber-crime in some significant way. This is now a $0.5 trillion problem that affects everyone.

The Major Casualties

It takes just one successful breach into the internal server network of a large business or government organization to seize hundreds of millions of personal records, usernames, passwords and credit card data. The litany of enterprises who have become repeated casualties in this war stretches across all global industries and international markets. However the majority of targets can be classified into eight industry classes; namely Financial Services, Telecom & Utilities, Government & Military, Healthcare, Internet & Media, Gaming & Entertainment, Travel & Hospitality and Consumer Retail (see graphic below). Despite numerous attacks against large retail brands such as Sony, eBay and Target, the potentially biggest and most profitable targets for hackers are Financial Services and Internet Services industries. These industries store the largest amounts of financial data online and have the largest customer bases.

Figure: Recent Large Enterprise Casualties[3] (including no. of stolen records if given)

Of particular interest as a hacker target is the rapidly growing cloud data storage industry. Cloud storage providers not only store the personal and financial details of hundreds of millions of consumers, but also the confidential documents of millions of individuals, businesses and organizations. Consequently it comes as no surprise that cloud services from Apple, Google, Amazon and Dropbox have all been repeatedly hacked over the past few years. Moreover future attacks against cloud storage and software-as-a-service (SaaS) providers can be expected to increase as the cloud continues to permeate both consumer and business markets. Outsourcing data storage to the cloud ultimately means relying on the data security of cloud service providers.

The Major Culprits

The biggest problem with the cyber-war is that it is highly asymmetric and one directional in nature. It only takes a very small group of well organized and funded hackers to successfully breach and steal data from the largest enterprise networks in the world, and potentially steal billions of personal records and untold volumes of confidential data. The resources required to launch a sophisticated attack are much less than the resources required to defend against the attack. There is little downside for the attacker with most hacker groups operating under the protection of political regimes outside the jurisdictional realm of most targets in capitalist nations.

Consequently cyber-crime has evolved into a geo-political game with an estimated 75% of corporate security breaches in the west originating from China, Russia and North Korea[4]. While these nations might protect their own citizens against foreign prosecution, the spectre of government funded hacking also looms as a likely culprit. The remaining 25% of enterprise security breaches originate from domestic sources in North America, Europe, Asia and Australia. While domestic hackers can incur massive legal penalties if caught, the actual risk of being identified and arrested by authorities remains minimal for well organized criminal groups. From the hacker’s point of view the online world is their oyster and they are operating from behind a dark curtain of anonymity. They are the silent unseen predators and the world is full of large, juicy, vulnerable prey.

Plight of the Prey

The most obvious targets of cyber-crime are the customer credit card details that all online businesses and major retailers store on their server networks. Credit card details alone are worth between $5 and $100 each on the black market depending on the age, type and volume of cards supplied[5]. Additional private information such as customer addresses, phone numbers, SSNs, usernames and passwords are worth even more to identity thieves who can steal many thousands of dollars from every unsuspecting card holder. Of course the consumers and banks share the immediate monetary damages of any credit card fraud, much of which can get passed onto cyber-insurance companies. Moreover the cost to banks of replacing stolen credit cards runs to billions of dollars every year. Ultimately however, any business or retailer may be sued by banks, insurers and consumers for all stolen funds and ongoing damages resulting from a data security breach. As Target recently found out, banks can be very persistent in pursuing legal action against retail vendors who have experienced major security breaches of their customers’ data.

Because banks store many other types of financial accounts online (in addition to credit card accounts), sophisticated hackers who target banks can steal much more than just a card number worth $100 on the black market. Once inside a bank server they can very quickly access and transfer huge amounts of currency assets from any bank account to anonymous accounts in friendly foreign countries. The very recently discovered malware hack against over 100 global banks resulted in almost $1 billion being stolen by a single organized crime syndicate over a two year period. Attacks against international currency assets, global commodities and stock market share portfolios are now becoming commonplace (and often hidden by their victims). Consequently consumer and merchant banks carry the largest inherent liabilities to cyber-crime. Hence cyber-security and cyber-insurance expenses have now become major boardroom issues at all banks. The banking and financial services industries definitely have the most to lose if the hackers were to win the cyberwar at the end of the day. They also have the greatest incentive to fund new strategies and disruptive technologies in the war against the hackers. New online financial technologies must either solve or mitigate the online security issue if they are to reduce costs and streamline processes for both banks and consumers.

Of course this is only the monetary side of the damages that result from online security breaches. The much larger concern is the theft of trade secrets, intellectual property, employee information and other confidential data that exists on the servers of every large enterprise today. The recent Sony breach demonstrates how a single limited hack of highly sensitive corporate information can sabotage major product releases and corporate relationships causing hundreds of millions of dollars in damages. The damage to the brand name of any retail enterprise that gets hacked is almost immeasurable. In addition to massive corporate damages, cyber-theft of confidential material from government and military organizations has the potential to change domestic and foreign political policy, surrender technological advantages to political enemies, and maybe even start a real physical war. Perhaps it already has?

Despite most large enterprises spending tens of millions of dollars on security every year the hackers are still winning the war. Conventional security technologies use firewalls, encryption, usernames, passwords and biometrics to attempt to create hack-proof barriers that prevent hackers gaining access to critical stored data. Unfortunately no matter how sophisticated or hack-proof a security platform might claim to be, nothing is ever 100% hack-proof. The best hack-proof platforms on the market can effectively only provide 99.9999% prevention of external breaches. Over time security breaches are inevitable and once the hackers are inside they can gain complete access to all of our financial information and private data with ease.

Our existing strategies and tactics are simply not working and a paradigm shift in thinking about online security is desperately needed to win the war (or at least reach a comfortable stalemate). Our modern internet society is now in a highly precarious position and ultimately we have only two options: to concede defeat, surrender our privacy and pay ever increasing cyber-insurance premiums ... or fight back with radically new strategies and tactics.

The Future of Online Security

The traditional practice of simply shielding online data with multiple defensive barriers and user authentication doors has now proven a highly fallible and incomplete strategy. However new security technologies based on innovative new strategies and tactics are now emerging. These new technologies make the fundamental assumption that the hackers will always defeat any hack-proof security measures and can easily get inside any online server. In general, these new security technologies can be categorized into four different classes of security platforms, namely:

Adaptive Platforms
The concept of adaptive platforms is to partition various payloads of data throughout an enterprise network or cloud-based storage platform and continually monitor for security breaches in real time. Once a breach has been detected and identified the platform adapts its security protocols and locks sections down to isolate and limit the scope of the breach within the network. Companies such as CloudPassage and Tanium are developing fast adaptive strategies that are all about reducing the potential real-time damage of breaches by a factor of 10-100 or more. If you can’t stop them you might as well give them as little data as possible once you know you have a problem.

Mobile Enterprise Platforms
The advent of mobile platforms as the preferred user interface for many employee applications within an enterprise network has exposed a huge gaping hole in online security. Mobile devices such as smartphones and tablets typically have very poor security and are a common first entrance point for many hackers, phishers and malware. Startups such as Bluebox, MobileIron and ThreatTrack are addressing enterprise security from a uniquely mobile perspective. The idea is to stop hackers at the initial pinprick of a breach instead of waiting to deal with major server breaches later (when it is already too late). Adaptive security strategies can also be integrated on a mobile end-point platform. The more difficult it is to hack into an iPhone the more protected the enterprise network remains overall.

Counter-Measure Platforms
Instead of simply mitigating the effects of hacking we can actually go on the attack and mess with the hackers. Using a strategy borrowed from the NSA and Pentagon, there are several large security players such as Ricoh and Kaspersky Lab who are developing highly proactive counter-insurgency platforms that take the fight to the hackers. It’s all about identifying and locating your hacker in real time, and then giving him a data payload that corrupts, disables or incapacitates his own data storage or online platform. Not only does the hacker lose all his stolen data but he can lose his entire software hacking capabilities and be more easily located by authorities. This strategy is obviously all about offense and not defense. However, it also requires significant resources and manpower to implement.

Hack-Safe Platforms
In what may be the most ambitious and complex of these emerging security technologies, hack-safe platforms don’t try to prevent data breaches... or even limit them. They simply try to ensure that any data stolen is totally useless to the hacker. This strategy is based on the principle of eliminating the liability of the breach instead of preventing the breach itself. This requires a very granular level of data management such that data packets are converted to a dispersed encrypted hack-safe format (note that a 100% hack-safe platform is theoretically possible while 100% hack-proof is not). Storage hardware vendor Cleversafe and software security startup Cryptyk* are combining principles of dispersed cryptography with enterprise and cloud data storage technologies to ensure that any stolen data from external breaches is incomplete and indecipherable. No doubt more startups will emerge in this area as secure cloud services begin to penetrate enterprise storage markets. Ultimately, the reason that this technology may have the most potential is because it uses the cloud to improve security instead of reducing it. Nothing like turning a perceived weakness into technical strength!

Although all four emerging security technologies are still at an early stage of their development, there exists the glimmer of hope that one or more can turn the tide of the war. Most large enterprises should seriously consider investing in several of the aforementioned technologies as a matter of legal liability mitigation. No doubt an integrated multi-pronged approach that is compatible with existing security platforms will produce the best results for most large enterprise networks. A new paradigm in online security is emerging and we can only hope that these innovative efforts live up to their potential. Otherwise the future of the cyberwar looks very bleak indeed.


Adam Weigold, CEO of Cryptyk, is a physicist, technologist, market analyst, business development specialist, author and digital currency evangelist. A start-up veteran for early stage technology businesses operating in C-level, directorial and advisory roles, holding over 20 years of technology innovation and business management experience building start-ups in photonics, industrial automation, telecom, defense, medical devices, medical services and financial services.


References
1: Bloomberg, CNN Money, Forbes
2: Gartner Research, Markets & Markets
3: informationisbeautiful.net, DataBreaches.net, IdTheftCentre
4: German Alliance for Cyber Security (Jan 2015)
5: Nilsonreport.com

*Disclosure Statement: The author Adam Weigold is a director and shareholder of Cryptyk Inc.

(image credit: Georgia National Guard)

Online Shoe Retailer Office Gets Slap on the Wrist from ICO following 2014 Customer Data Breach
https://dataconomy.ru/2015/01/21/online-shoe-retailer-office-gets-slap-on-the-wrist-from-ico-following-2014-customer-data-breach/
Wed, 21 Jan 2015 10:06:42 +0000

Office, the UK-based online shoe store, has received a warning from the Information Commissioner’s Office (ICO), where the imposition of a fine or stricter measures was imminent, in the aftermath of a data breach that compromised customer information.

Personal information such as contact details and website passwords of over a million customers was accessed by an outsider through an unencrypted Office database in May last year. However, it has been reported that no valuable financial data was compromised.

Office Holdings CEO Brian McCluskey spoke of the issue: “We take such a threat very seriously and have been in communication with our customers to advise them of the matter.”

“We can confirm that no credit card, debit card, PayPal or bank details were compromised in any way. In addition, we have reported the matter to the relevant authorities,” he further added.

“The breach has highlighted two hugely important areas of data protection – the unnecessary storage of older personal data and the lack of security to protect data,” notes ICO enforcement group manager Sally-Anne Poole.

She also pointed out the potential danger of having the same password on various online accounts. “This one incident could potentially have given the hacker access to numerous accounts that the clients held with other organisations, as passwords were included on the database in question,” she said.

Through the ICO’s 9-month-long investigation it has been revealed that there was no trace of the stolen information being passed on. However, Mr. McCluskey has promised stringent measures like routine testing of the servers and systems, better data protection infrastructure and training for employees to avoid future mishaps.


(Image credit: Pixabay)

60 Seconds With Mark Cuban: Cyber Dust and Data Security
https://dataconomy.ru/2014/12/20/60-seconds-with-mark-cuban-cyber-dust-and-data-security/
Sat, 20 Dec 2014 23:15:51 +0000


Mark Cuban is an American businessman, investor, tech mogul, and owner of the NBA’s Dallas Mavericks. He is also a “shark” investor on the hit television series Shark Tank, and creator of privacy-focused messaging app ‘Cyber Dust’.

After being falsely accused of insider trading by the SEC in 2008 and having to hand over all of his emails and messages, Mark decided to build a truly secure and private method of communication. Enter Cyber Dust, a messaging alternative that promises to never let your data touch a hard drive, only staying in-memory for a period of 24 hours.

We had a quick chat with Mark to find out some more about the app, his reasoning, and the technology behind it.

We know you had legal protection in mind when you created Cyber Dust, had you also considered a situation like Sony’s recent breach?

Absolutely. Everything and anything is hackable. There is always someone better at it than your security. For this reason we made sure that we never kept anything longer than 24 hours. More importantly for those 24 hours, nothing ever touches a hard drive.

If we detect a problem, we just pull the plug and the data within the 24-hour period is gone. Being exclusively in memory also makes it harder for anyone to root around and search.

How much of a shock do you think the breach was to the US media and tech industry?

It was a shock only because of the fact it impacted the release of a movie and surfaced emails from and about big celebrities. Beyond that I don’t think it was a shock at all. If companies have a hard time protecting credit cards, it should be no surprise when emails or pictures are hacked.

Have you had corporate clients pick up Cyber Dust since then? Do you see much traction at an enterprise level for the app?

We had them before and after.

We don’t currently try to be an enterprise solution. Much like Dropbox and other apps were introduced to organisations outside of their tech groups, the same is happening with Cyber Dust.

Are there emerging technologies or trends you think increase the risk to individual privacy? (Or erode privacy in a more insidious manner by changing our perception of it?)

I think social media is reducing our awareness of privacy issues. You look on Twitter and there are people with 20k public tweets. How is there any upside to that? Same with Facebook, Tumblr, Instagram, etc. We just introduced an app called Xpire (in iOS store, Android coming). You can get info at getxpire.com. It allows you to search and delete old social media posts. It also allows you to set a timer to new posts.

Is there any reason at all why social posts should live forever?

What sounds reasonable and safe today most likely won’t in a few years.

Do you see other opportunities for this straightforward approach to data privacy?

Yes. We will extend it into notifications for the Internet of Things. It’s already being used by companies to send company updates and alerts. From simple reminders about meetings to critical information.

The fact that it’s non-intrusive, is gone quickly and just as importantly prevents the recipient from procrastinating, you have to respond right then while you remember it, makes us a great corporate tool.

Rather than trying to replace email, you will see us extend into being a place where we can send updates to people, places and things and not leave a trace.

Just so people know, we have no server logs. None. We don’t know who used the service and don’t want to know. We don’t have or keep IP addresses or any information. Not GPS data. Nothing.

Any information we do gather is limited to the device and when the message is gone, so is the information.

Only exception is if you go to a website from inside the browser. Then the website operates normally.

Had you also considered the social component? There’s a lot to be said for a way to connect that is as private and immediate as a face to face conversation. If so, how might this digital intimacy factor into the development of the app?

We are definitely a content source. From celebrities, from businesses, from websites. You can get business headlines from BusinessInsider, tips from Daymond John of Shark Tank, GaryVee and Jason Calacanis, 2 big time tech investors. From entertainers, Sports teams and stars. We have LifeHacks, Factoftheday, Horoscopes. Every day there are a ton of new data and information sources being added. You can get a sense of them at http://www.cyberdust.com/popular

Because of the nature of the app, there’s no way to verify who any account actually belongs to (and therefore use it against them), short of an official blast. Was this a consideration in the design, or are you planning on adding verification at some point?

If you are on our popular page, you are verified. That will be our verification. There are a ton of A list celebrities and athletes using the service. But they use it for their own privacy. We want people to be able to use it with absolute privacy. If you happen to find a celeb’s user name, it’s incredibly easy for them to block you.

 



Cyber Dust is available for Android and iOS.

“Every spoken word isn’t recorded. Why should your texts be?”


(Image Credit: TechCrunch)

Sony Cyber Attack Should Be Eye-Opener for Organisations, Warn Security Experts
https://dataconomy.ru/2014/12/08/sony-cyber-attack-should-be-eye-opener-for-organisations-warn-security-experts/
Mon, 08 Dec 2014 09:53:17 +0000

Media giant Sony Pictures is the latest to be victimized by a cyber attack, which on the 24th of November paralyzed its internal systems and leaked sensitive documents ranging from upcoming products to pay information. Having disrupted the internal machinery of the company, it has also triggered a frenzy, leading to statements of disclaimer.

Calling the hack attack ‘righteous,’ North Korea, believed to be behind the attack owing to a report published by Recode, issued a statement claiming otherwise:

“We do not know where in America the Sony Pictures is situated and for what wrongdoings it became the target of the attack, nor [do] we feel the need to know about it,” the statement carried in state media said. “But what we clearly know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership [of North Korea].”

The leak included five films, directly hitting their performance at the box office, as well as private information of more than 6,000 employees and stars. The Washington Post reports that the malware used was similar to that used against businesses in South Korea and the Middle East.

However, a memo released by Sony rubbishes any claims against North Korea, calling the Recode report “not accurate”. “This is the result of a brazen attack on our company, our employees and our business partners. This theft of Sony materials and the release of employee and other information are malicious criminal acts,” the memo added.

Experts warn of the vulnerability of corporations and enterprises to such attacks. “The only way to fully protect yourself from something like this is to shut down your business,” explains Paul Proctor, chief of research for security and risk management at Gartner.

“A dedicated enemy with sufficient resources can compromise any security system,” he further added. “There is no such thing as perfect protection. This is just a demonstration of it. People who believe they can be protected are likely to have their trust shaken by reality.”



(Image credit: Luke Ma)

How Teachers Can Protect Their Data at School
https://dataconomy.ru/2014/10/21/how-teachers-can-protect-their-data-at-school/
Tue, 21 Oct 2014 12:53:43 +0000

We live in an increasingly connected world with more capabilities than ever before at our fingertips, and it’s making many jobs out there a lot more dynamic. Education is no exception to this trend, though teachers and administrators will likely use these online tools for much different purposes compared to private businesses. Even so, online technology gives teachers the ability to hone their skills and reach students in increasingly effective ways. These advantages, however, do come with a downside. As more teachers do much of their work online in the cloud, the risk for security problems grows. And since schools work with valuable student data, the possibility of a security breach is very real and potentially disastrous. 

There are a number of ways student data could be compromised through teacher accounts. The one most people have heard of is hacking. This essentially means an outside attacker has infiltrated the system and has gotten unauthorized access to the teacher’s account. From that account, a hacker can get further access to data and personal information. Another way student data could be affected is by having a teacher get locked out of his or her account. Most of the time, a lockout is a defensive measure taken by the system when it detects suspicious activity. It can be helpful when an actual threat is detected, but if it’s triggered by mistake, data loss and other leaks may result. 

With these threats posing real security questions for schools, teachers need to know how best to protect their personal data along with the data of their students. That protection has to start with their own accounts. One area where teachers should place more focus is in making their passwords stronger. Far too often, people will overlook the importance of their passwords and how vital they are in keeping attackers from hacking into their accounts. A strong password can frustrate hackers and make them look elsewhere for an easier target. But what makes a strong password? The first technique is to make a password that is at least eight characters long. A password should also avoid common words or terms that are related to the account user’s life (so no birthdays, places of birth, or pet names, for example). Passwords also need to contain numbers, capital letters, and symbols, making them that much harder for hackers to guess. All teachers should use different passwords for every account they have. That way, if one password is cracked, the other accounts won’t be compromised.

Another area teachers should reexamine is their online behavior. When logged into their school account, teachers may end up browsing the internet. When doing this, teachers need to make sure to only go to websites that are secure. They should especially avoid suspicious websites, since unsecure websites have a greater chance of downloading malware to the user’s computer, which may in turn spread to the rest of the network. With the recent discovery of the Heartbleed bug, only using secure websites on a school account is more important than ever. Secure sites take advantage of encryption, which is represented by an “https” address and the graphic of a padlock in the address bar. 

Backing up data is also an important strategy for anyone aiming to protect valuable information. Many people may choose to do this by saving data to the cloud, and while cloud computing does have benefits, additional backups should also be made on a physical hard drive. Data can also be sent to a separate, safe account. However teachers do it, the important thing is that a backup of the data is at the ready in case an account is compromised. As an additional benefit, backed up data can also be used to recover quickly from an emergency or disaster unrelated to security breaches. In any case, regularly backing up account files is a must for teachers looking to protect student data.

Security breaches have unfortunately become a lot more common in recent years. While the headlines may focus on major corporations, schools are still a target for cyber attacks. Protecting student and teacher data isn’t just a matter of common sense, it’s a privacy issue. If teachers make greater efforts to secure data, they’ll have more confidence that information will be kept safe and be able to fully utilize the wonderful tools available on the cloud. The overall effect will be a better education for students of all ages.


Rick Delgado - I’ve been blessed to have a successful career and have recently taken a step back to pursue my passion of freelance writing. I love to write about new technologies and keeping ourselves secure in a changing digital landscape. I occasionally write articles for several companies, including Dell.


 

(Image credit: Matthew Paulson)

 

AT&T announces Insider Data Breach, Apologizes but Remains Quiet About Nature and Extent of Breach
https://dataconomy.ru/2014/10/08/att-announces-insider-data-breach-apologizes-but-remains-quiet-about-nature-and-extent-of-breach/
Wed, 08 Oct 2014 09:44:57 +0000

AT&T disclosed earlier this week that it is the latest company to have been subject to a data breach. An employee allegedly gained unauthorized access to customer data and may have obtained Social Security numbers and driver’s license numbers among other details, according to the telecom giant.

AT&T wrote a letter to Vermont’s attorney general, explaining the situation, but did not specify the number of customers affected by the breach. However, a source close to the source told Reuters that AT&T has informed about 1,600 customers of this incident. The employee involved has since been discharged and US Federal authorities are investigating the breach with AT&T.

“Unfortunately, we recently learned that one of our employees did not follow our strict privacy rules and inappropriately obtained some customer information. This individual no longer works at AT&T and we are directly contacting the limited number of affected customers,” said an AT&T spokesperson.

The letter also outlines safety procedures as precautionary measures since the extent of the breach, although small, remains uncertain.

This breach is the latest in a string of cyber attacks and data breaches that have victimised banks (J.P.Morgan Chase), retail chains (Target, Home Depot) and other organisations in the US, within the last year and has been gaining considerable traction.



(Image Credit: Chris Young)

Survey in Europe Highlights Gaping Hole in Knowledge of Organizations’ Security and Encryption Policies Among Professionals
https://dataconomy.ru/2014/10/03/survey-in-europe-highlights-gaping-hole-in-knowledge-of-organizations-security-and-encryption-policies-among-professionals/
Fri, 03 Oct 2014 09:44:32 +0000

A recent study carried out by Vanson Bourne for online security outfit Sophos looked into end users’ behaviour towards security and data protection ahead of the proposed EU reforms to data protection legislation. It has revealed an alarming number of professionals who are unsure of their organisations’ data protection policies.

The statistics point out that 84 percent of the professionals agree on the need for stronger data protection laws in Europe; however, 77 percent are unsure of their organisations’ compliance policies. A staggering 79 percent were concerned about their personal data while 65 percent were worried about the corporate data.

The study points out that by the end of 2015, many enterprises will have to re-assess their policies in accordance with the revised data protection legislation. While 91 percent of the respondents had at least one safeguard in place when it came to protecting personal data, only 59% had antivirus protection, reports Computer Weekly.

Anthony Merry, Director of data protection at Sophos, notes, “Although there is still some fine-tuning to be done to the proposals for reformed data legislation in the EU before they can become law, the core principles are unlikely to change.”

He further added, “All in all, we see this as a positive step in the right direction to bringing all member states under a single set of rules appropriate for the modern, digital world.”

The survey also shows that knowledge and awareness of data encryption is low. The ratification will come as the current data protection directive dates back to 1995, with many changes having been made in between owing to the advent of smartphones and cloud-based services.

1,500 professional consumer and office workers were surveyed across the UK, France and Germany.


(Image Credit: Sébastien Bertrand)

How Does the Great Naked Celebrity Hack 2014 Affect You?
https://dataconomy.ru/2014/09/24/does-the-great-naked-celebrity-hack-2014-affect-you/
Wed, 24 Sep 2014 10:16:34 +0000

First of all, this is a terrible thing that has happened to these women. It is certainly some form of sexual assault and we should really think about how we treat celebrities and regular Janes when it comes to unintended nudity (so many nip slip images, wardrobe malfunctions, the Duchess of Cornwall’s boobs/buttock). Is our society really this prurient?

The morals of the issue aside, there are some very serious implications of this event both legally and for people’s confidence in cloud storage.

What are the legal aspects?

1. Obviously the guy who hacked these devices broke a number of laws, domestic and international. The FBI will be after him and I believe he has been identified. He will likely face fines and imprisonment.

2. Sharing the images, links to download sites etc is really not okay – but it may not be criminal where you live (it will be in some places). However the legal representatives of the parties involved may bring legal action against you. If you do not wish to be sued, don’t share links to this stuff, don’t even look at it. This columnist makes a very good point about how these women, all very young, are victims and also real people. Imagine if this was someone you knew (okay straying into the morality of it all again)!

What does it mean for the rest of us?

Well, the big question is: can we trust cloud services to protect our data? Not all of us will have naked photographs on our devices, and if we did, few of them, I imagine, would be appealing to hackers, but we do have a lot of personal and commercially sensitive information in the cloud.

Are you on the cloud? If you have a smartphone then yes anything on that smartphone is probably backed up online. If you use social media all of that content is potentially hackable. This includes chat, the data, images and whatever else you share in private on instant messaging can all be hacked.

So are Apple, Facebook, Sony, Google, Skype, Dropbox and whoever else doing enough to secure our data? The answer is yes, usually, with some provisos.

If your data is valuable, then, like anything of value, people will try to steal it for their personal gain. They will invest resources in stealing it that are proportionate to the rewards they anticipate. So if you are a beautiful young woman, more so if you are famous, naked photos are not safe with default security settings. From a security POV those images should never hit the internet in any form, for them to be safe. But times being what they are, if you want to share them or any other very valuable information on the net, you need to do the following.

(Please don’t take this as victim blaming, I don’t think this attack was in any way due to the actions of the victims.)

1. If possible, activate two step verification. This is available on just about every service these days.

2. Be smart with your passwords. Don’t use the same one everywhere and it must not be personal, the name of your first crush is not as obscure as you think. Mixing words and numbers is not as powerful as most tend to think. Using real words that are unrelated to you is the most powerful password type. e.g. PigsEatHousesRunning is much more robust than Matth3wJ1994 which is useless.

3. Be smart with your email. Don’t use your main email address for everything. If you use a Gmail account for Android, Dropbox or iCloud don’t use that email address for registering for competitions or games and apps etc.

4. Use software. You need to have a good, paid for antivirus and anti-malware tool.

5. Don’t get phished. Phishing attacks can be very sophisticated and look just like a message from Twitter or eBay really would, even down to the email address. Rather than clicking the links in these emails, log into the site separately by typing the domain (www.ebay.co.uk or similar) into the address bar and checking your notifications there. None of these websites will send you a notification about your account that is not also in your notifications on the site. Some experts believe this is how the hacker got access to the accounts of his victims in this latest attack.

There is no need to be afraid of using cloud software; these tools provide a great service to private individuals and companies alike. We need to use them safely and be sensible with our valuable data. We may all need to have a think about our personal vulnerability after this event but definitely don’t let it deter you from using cloud solutions.


About Matthew Jensen - I am an experienced digital strategist and manager. I have gained my experience working with global brands at the cutting edge of digital marketing, search engine optimisation, social media, web development and mobile apps. I excel in business development, consultative selling and finding the optimum product or service for my client’s online marketing or digital development needs.


(Image credit: Brian Klug)

How Big Data at the U.S. Open is Changing the Fan Experience
https://dataconomy.ru/2014/09/19/how-big-data-at-the-u-s-open-is-changing-the-fan-experience/
Fri, 19 Sep 2014 07:59:39 +0000

Tennis fever is in the air. The U.S. Open tennis tournament recently concluded in New York City’s Flushing Meadows, and fans experienced an electric atmosphere as the biggest stars in tennis faced off. Watching an exciting tennis match provides plenty of entertainment by itself, but the overall experience is getting a major upgrade with the inclusion of big data. Plenty of organizations and businesses have become quite familiar with big data, using it to increase retail sales or sniff out fraud, but big data may seem like a strange fit for sports, particularly tennis. The relationship might feel out of place, but big data analytics is proving an effective catalyst for transforming the fan experience at the U.S. Open.

Most tennis fans love to study the game by comparing players and statistics at each of the major tournaments held around the world. Big data is playing a huge role in helping these fans analyze the game through unprecedented access to information. With big data analytics provided by IBM, statistics from the past eight years of Grand Slam tournaments are scrutinized in painstaking detail to identify patterns from individual players. The amount of big data being looked at is massive, with more than 41 million data points analyzed. These stats can go from basic information, like the speed of serves or the number of double faults in a match, to much more advanced data, like win percentage of four- to eight-shot rallies or winners on the forehand side of the court. What results from this analysis is an in-depth look that helps to define strengths and weaknesses in a player’s game, while also providing a predictive look at what may happen during a match.

The incredible analysis offered by this big data platform initiative has a remarkable effect on the fan experience. The patterns and insights derived from big data can be put into the hands of the average fan through data visualization. On the U.S. Open app and website, fans can access this information, getting detailed looks at matches that have recently concluded. But the benefits go far beyond after-the-fact statistics. With data collected from sensors placed all over the court, fans can even get real-time stats in the middle of a match, with new information being updated instantly and the latest predictions being transmitted. In other words, fans can watch a match on television or in person while also referring to the app on their smartphones or tablets to find out what the latest predictive analysis says about who will come out the winner.

All this data analysis is also transforming the fan experience in ways outside of the main competition. A new feature that was first introduced at this year’s U.S. Open takes all the collected tennis data and assigns sounds to each data point with the use of a special algorithm. For example, an ace will be assigned a specific sound while double faults will get a different sound. The point of this is to turn the data into music. With matches turned into data turned into music, fans can get a sense of the momentum and ebbs and flows of a match through audio. For now, the music feature is only available at the event itself, though it’s not out of the realm of possibility to think it may be made available on the app or website in the near future.

With so much processing power needed and higher demands on wireless features, managing digital traffic has become an essential component of functionality at the U.S. Open. Fans are using digital resources at a growing rate with more than 117,000,000 mobile page views for the tournament. All of that traffic requires the latest in cloud computing technology to make the entire infrastructure run smoothly. It also requires advances in network security to make sure fans are protected from cyber attacks and their personal data is kept safe from malware. With mobile platforms continuously available, fans can get the most out of the new features being offered thanks to big data.

While most fans may be unaware of how influential big data is in the tennis world, they are likely taking part in many of the results that come from big data analytics. Big data can turn even the casual fan into an expert, helping them understand and even predict the outcomes of matches. In other words, the entire experience can be turned into an even more enjoyable one. The end result may well be a growing fanbase and rejuvenated interest in tennis.


Rick Delgado - I’ve been blessed to have a successful career and have recently taken a step back to pursue my passion of freelance writing. I love to write about new technologies and keeping ourselves secure in a changing digital landscape. I occasionally write articles for several companies, including Dell.
 


(Image credit: Steve Pisano)

Druva Lands $25M in Series D Round; Now Looks to Expand Data Protection Strategy to Asia and Europe
https://dataconomy.ru/2014/08/07/druva-lands-25m-series-d-round-now-looks-expand-data-protection-strategy-asia-europe/
Thu, 07 Aug 2014 08:12:08 +0000

Druva, an enterprise data back-up solutions provider and endpoint data governance pioneer, landed $25 million in a Series D round from existing investors such as Sequoia Capital and Nexus Venture Partners.

Through endpoint data protection, Druva prevents data loss for enterprises by collecting data from devices (phones, laptops, tablets, etc.) using agents installed on those devices. These agents upload the data to Druva’s cloud, from which it can be restored if a device or its data is lost.

Competing with Druva in the data protection field are conventional protection providers such as EMC, HP and Symantec. However, “using [endpoint] data for relevant data centric problems is the direction we really want to head,” said Jaspreet Singh, co-founder and CEO. Druva uses the Amazon Web Services public cloud; Singh says that 80 percent of Druva’s business is from its public cloud offering. The rest of the service is on companies’ own private clouds.

The company started in 2008 and now intends to invest the newly found capital in expanding its reach into markets in Asia and Europe, while building its workforce from 200 to 300 by the end of the year. Its customers include NASA, PricewaterhouseCoopers, Dell and Tesla, to name a few.

With access to a wealth of data, Druva might be viewing data protection as a point of entry for revenue derived from analytics services, like predecessors Facebook and Twitter in the past.


(Image Credit: National Nuclear Security Administration)

European Central Bank Hit by Data Theft
https://dataconomy.ru/2014/07/24/european-central-bank-hit-by-data-theft/
Thu, 24 Jul 2014 10:56:50 +0000

The European Central Bank admitted today that hackers have broken into its database and stolen personal information. The ECB said that email addresses and contact data have been taken from its database for conferences, leaving street addresses, telephone numbers and 20,000 email addresses held by the bank compromised by theft. According to ZDNet, other information stolen, in encrypted form, was “data on downloads from the ECB website.”

The ECB learnt of the theft after an anonymous email was sent to the organisation asking for money in exchange for the data.

“There had been a breach of the security protecting a database serving its public website. This led to the theft of email addresses and other contact data left by people registering for events at the ECB,” said the central bank.

“No internal systems or market sensitive data were compromised,” said the central bank. “The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems.”

As reported by the Financial Times, “Unlike the central bank’s internal electronic systems and parts of its website that contain market sensitive information, the events register was more vulnerable to cyber theft because parts of the database were not encrypted.”

The ECB said that it will be contacting individuals who have had their email addresses and data compromised. The German police have been informed and an investigation is underway, the ECB announced.


(Image Credit: Jim Woodward)

Does Privacy Still Exist? This Oxford Researcher Thinks it Will Never be The Same Again
https://dataconomy.ru/2014/07/16/does-privacy-still-exist/
Wed, 16 Jul 2014 06:39:00 +0000


Dr. Joss Wright is a Research Fellow at the Oxford Internet Institute (OII), where his current research focuses on analysing Internet censorship and data anonymization. Prior to the OII, Dr. Wright worked at the University of Siegen in Germany examining security and privacy issues in cloud computing. He has a PhD in Computer Science from the University of York.


There is a lot of debate about privacy: where it came from, where it is going, and what it means for society. Undoubtedly, privacy is certainly under threat and will never be the same again. A lot of people will point out that privacy did not really exist in law internationally until quite recently. The first really significant bit of law was an 1898 piece of legislation in the United States, from Samuel Warren and Louis Brandeis, who defined privacy as the right to be let alone. However, privacy has really existed long before this; it was just, and this is slightly controversial, more intrinsic.

We worked on a human scale back then. You said something to someone, and they could re-tell it, a rumour could spread, a story could be told, but it was on a human scale. You would forget and everyone knew it would change in the telling. Then technology brought about this erosion of a right that had always been very intuitive. Even now when you ask somebody to define privacy, it’s very, very tricky, but if you say to somebody x, y, z happens – has your privacy been violated? People can instantly say ‘yes’ or ‘no’.

We must look at these tech companies also. Google, for example, makes over 95 percent of their profit from targeted advertising. We are now working on a scale we were not built to predict. As humans, we can’t make good privacy decisions; we get short-term easy rewards like access to Facebook, or access to Gmail. The privacy risks that come with that, the risks of our data being used against us, or being used in a way that is not within our control, are a long-term potential probabilistic concern.

I think privacy is something we can still preserve, albeit not to the same extent we used to be able to. I think we should try, not in an attempt to fix a status quo of ‘what is private now should always be private’, but to guide a society towards a society we want to live in, so that we do not have the risk of all data being shared with everyone, and have this transparent society like David Brin writes about.

We need to build systems that do that, and we need to have legal backing to enforce the companies that do not treat data they are not supposed to treat with strong sanctions, like the European Union is doing with the proposed general data protection regulation that is coming into force hopefully in 2016. These strong sanctions against companies will go a long way.


IBM Awarded Top Spot In Gartner Security Solutions Ranking
https://dataconomy.ru/2014/07/03/ibm-awarded-top-spot-in-gartner-security-solutions-ranking/
Thu, 03 Jul 2014 09:35:14 +0000

In Gartner’s annual Magic Quadrant for Security Information and Event Management (SIEM) Technology report, IBM Security QRadar was ranked the highest among 15 different vendors. The report rates vendors on how their products address customers’ needs for security intelligence and analytics, ranking them on their ability to execute and completeness of vision.


“We believe Gartner’s recognition helps validate IBM’s approach to security that focuses on helping customers benefit from security intelligence and analytics, and overcome challenges created by fragmented point solutions,” said Brendan Hannigan, general manager for IBM Security Systems.

The Gartner report estimates that SIEM is a $1.5 billion market, which grew by 16 percent last year and has an expected growth rate of 12.4 percent during 2014. “During this period, the number of Gartner inquiry calls from end-user clients with funded SIEM projects increased by 12 percent over the previous 12 months,” the report said.

While the report noted that the SIEM market is mature and competitive, it also mentioned that it is dominated by a small number of large vendors. HP, IBM, McAfee, EMC (RSA), and Splunk make up 60 percent of market revenue, with other large vendors like Tibco in the mix too. The report also pointed out that a few small vendors are doing well, but that there would be “increasing stress on many of the small remaining vendors.”


(Image Credit: Steve Jurvetson)
