In the digital age, where authenticity and ownership are paramount, the concept of cryptographic invisible signatures has emerged as a powerful tool. While most commonly associated with protecting digital art and media, this technology is now revolutionizing the world of physical products, particularly in the fight against counterfeiting.

This is not a “victimless crime,” either, as some would suggest. According to Frontier Economics, the global value of counterfeiting and piracy to be close to US$2.8 trillion by 2022, and net job losses will be between 4.2 to 5.4 million.

A Brief History

Invisible watermarking, the digital precursor to modern cryptographic invisible signature technology, has been employed in various forms since the late 20th century. Initially used to protect copyrighted images and videos, it involved embedding subtle data within the content itself, undetectable to the human eye but easily identifiable by specialized software. This technique served as a deterrent to unauthorized use and a means to trace the origin of copied material.

The evolution of digital watermarking led to its application in diverse fields, including audio recordings, software, and even printed documents, and the technique – which can fall into both the cryptographic and the steganographic fields – has even been used by spies and hackers to transfer secrets or deliver malicious payloads. 

While the digital world plays well with cryptographic techniques, using these techniques in the “real world” is a significant challenge.

The Rise of Cryptographic Invisible Signatures for Physical Products

In recent years, a new player has entered the arena of cryptographic invisible signatures: Ennoventure. The company has adapted cryptographic principles to create invisible signatures for physical products, particularly packaging.

“Adapting our cryptographic invisible signatures to physical packaging was an exciting challenge,” Padmakumar Nair, co-founder and CEO at Ennoventure, said. “Key hurdles included ensuring adhesion to diverse materials, signature resilience during handling and transit, scalability without disrupting production, user-friendly scanning, compliance with regulations, and effective communication of the technology’s benefits.”

Ennoventure’s technology addresses a long-standing problem in the packaging industry: the pervasive issue of counterfeiting. Fake products not only erode brand trust and cause financial losses but also pose significant risks to consumer safety, especially in industries like pharmaceuticals, automotive, and food.

The Power of Invisible Cryptographic Signatures

Unlike traditional security measures such as holograms or barcodes, which can be replicated, invisible cryptographic signatures offer a higher level of security. These signatures are embedded directly into the product’s packaging or label during the manufacturing process, making them virtually impossible to duplicate.

“The technology utilizes a combination of unique identifiers and encryption algorithms, ensuring that each product carries a distinct and verifiable signature,” Nair said. “This signature can be easily scanned using a smartphone, providing consumers and retailers with instant verification of authenticity.”

Ennoventure’s solution goes beyond mere authentication. It offers a comprehensive suite of features, including supply chain tracking, data analytics, and consumer engagement tools. This holistic approach empowers brands to protect their products, engage with customers, and gain valuable insights into consumer behavior.

Overcoming Industry Challenges

While the benefits of invisible cryptographic signatures are clear, Ennoventure acknowledges the challenges of adoption within the packaging industry.

“The packaging industry’s hesitance to adopt invisible cryptographic signatures stems from several factors,” Nair said. “Lack of awareness and understanding of the technology, misconceptions about high upfront costs and integration complexities, concerns about signature durability across various materials, regulatory compliance difficulties, and the need for reliable verification methods all contribute to this reluctance.”

Ennoventure has taken proactive steps to address these concerns. Its technology is designed to be easily integrated into existing manufacturing processes without requiring significant investments or disruptions. They also emphasize education and outreach to raise awareness of the technology’s benefits and dispel misconceptions.

Real-World Impact

Ennoventure’s technology has already made a significant impact in various industries and for consumers alike.

“For brands, it protects products from counterfeiting, safeguards revenue, preserves brand reputation, aids in regulatory compliance, and strengthens supply chain security,” Nair said. “For consumers, it instills confidence in product authenticity, especially for critical items like medicines, food, and cosmetics. It empowers consumers to make informed choices and stay aware of the risks of counterfeit goods.”

Ennoventure’s technology has been implemented in real-world scenarios with measurable impact. For a global agrochemical brand, it facilitated a scalable WhatsApp-based authentication system for farmers, significantly reducing counterfeiting in rural supply chains. For a global agro-industrial conglomerate, it enabled quick smartphone authentication without additional costs, decreasing counterfeit rates. For a leading FMCG brand, it allowed for early detection and prompt intervention, preventing the spread of counterfeit goods.

Looking ahead, Ennoventure is committed to continued innovation and expansion. Its focus on research and development ensures that its solutions remain at the forefront of anti-counterfeiting technology. 

“We plan to expand our services across industries and regions, invest in R&D to enhance our solutions and develop new features, and continue our commitment to staying ahead of the curve in the fight against counterfeiting,” Nair said.

A New Era of Product Authentication

The journey of invisible signatures, from safeguarding digital art to protecting tangible goods, demonstrates the remarkable evolution of security measures. Ennoventure’s groundbreaking application of cryptographic invisible signatures to physical packaging marks a pivotal moment in the fight against counterfeiting. By addressing industry challenges head-on and delivering a user-friendly, scalable, and effective solution, Ennoventure is not only empowering brands to safeguard their products and reputations but also giving consumers the confidence to make informed choices.

As this technology continues to evolve and expand its reach, the implications for a safer and more transparent marketplace are profound. The era of invisible signatures is here, and it’s poised to redefine how we authenticate and trust the products we encounter in our everyday lives.

You may be watched by someone. The recent Wyze camera breach caused a lot of trouble for users. Basically, during a time when Wyze cameras weren’t working right, a mistake happened that let some users see pictures and videos from other people’s cameras instead of their own. It affected around 13,000 users, making a lot of people upset about their privacy being invaded.

Wyze is now trying hard to make things better. Can they succeed? Let’s take a closer look.

What you need to know about the Wyze camera breach

The Wyze camera breach involved a flaw in a third-party caching library that led to approximately 13,000 users accessing images and videos from other users’ cameras. This occurred during a surge in demand following a service outage. Want to learn how this could be possible and what Wyze did about it? Here is a quick breakdown:

• Starting trouble: First, there was a problem with the service that hosts Wyze devices, which stopped them from working for a while. People couldn’t see their camera feeds or what their cameras recorded during this time.
• Oops, privacy issue: When Wyze tried to fix things, they accidentally let some users see pictures and videos from other people’s cameras instead of their own. This was a big privacy breach, and it seems like Wyze is not the only one who is guilty.

“The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren’t able to. We’re very sorry for the frustration and confusion this caused.”

-From Wyze’s notice about the security breach

• Lots of people affected: Originally, they thought only a few people were affected, but it turned out to be around 13,000 users. Some even watched videos from other people’s homes without permission.

• Why it happened: Wyze found out that a new tool they added to their system got confused when lots of devices came back online at once. This mix-up made it show the wrong pictures to the wrong people.
• People were mad: Understandably, people were upset about their privacy being invaded. They talked about it a lot on sites like Reddit.
• Wyze’s fix: Wyze did some things to fix the problem. They stopped access to the part of their app showing the wrong pictures, investigated the issue, and told everyone affected. They also added extra checks before showing videos and changed how their system works to avoid similar problems in the future.

In short, the Wyze camera breach was a big mistake that affected a lot of people’s privacy. Below, you can find the complete email from the firm about the Wyze camera breach:

Wyze Friends,

On Friday morning, we had a service outage that led to a security incident. Your account and over 99.75% of all Wyze accounts were not affected by the security event, but we wanted to make you aware of the incident and let you know what we are doing to make sure it doesn’t happen again.

The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren’t able to. We’re very sorry for the frustration and confusion this caused.

As we worked to bring cameras back online, we experienced a security issue. Some users reported seeing the wrong thumbnails and Event Videos in their Events tab. We immediately removed access to the Events tab and started an investigation.

We can now confirm that as cameras were coming back online, about 13,000 Wyze users received thumbnails from cameras that were not their own and 1,504 users tapped on them. Most taps enlarged the thumbnail, but in some cases an Event Video was able to be viewed. All affected users have been notified. Your account was not one of the accounts affected.

The incident was caused by a third-party caching client library that was recently integrated into our system. This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.

To make sure this doesn’t happen again, we have added a new layer of verification before users are connected to Event Videos. We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday.

We know this is very disappointing news. It does not reflect our commitment to protect customers or mirror the other investments and actions we have taken in recent years to make security a top priority at Wyze. We built a security team, implemented multiple processes, created new dashboards, maintained a bug bounty program, and were undergoing multiple 3rd party audits and penetration testing when this event occurred.

We must do more and be better, and we will. We are so sorry for this incident and are dedicated to rebuilding your trust.

If you have questions about your account, please visit support.wyze.com.

Wyze Team

ExpressVPN leak reveals incognito tab histories

The receipt of Wyze security breach

It’s time to try to make things right for Wyze. Wyze said sorry to their customers and promised to do better with security. They talked about the security steps they’ve taken in the past and said they’re committed to improving.

I was watched by someone
byu/H3H3ather inwyzecam

The Wyze camera breach could make people worry about using Wyze products in the future. It might also lead to legal problems for Wyze and pay compensation to affected customers.

What is Wyze?

Wyze is a technology company that specializes in smart home devices and services. They are known for offering affordable yet feature-rich products, including security cameras, smart bulbs, plugs, sensors, and more. Wyze aims to make cutting-edge technology accessible to everyone by providing high-quality, user-friendly products at competitive prices.

Their products are often praised for their reliability, ease of use, and innovative features, making them popular choices among consumers looking to enhance their home automation and security systems. Additionally, Wyze strongly emphasizes customer satisfaction and community engagement, often incorporating user feedback into product development and improvements. However, it is not enough to stop the Wyze camera breach.

Featured image credit: Wyze

The recent incident in Riverdale, Utah, involving a 17-year-old Chinese exchange student, Kai Zhuang, has brought the unsettling phenomenon of cyber kidnapping to the forefront.

In the quiet town nestled amid picturesque landscapes, authorities found themselves entangled in a complex web of deception, fear, and digital manipulation. Kai Zhuang’s disappearance and subsequent discovery in the mountains unfolded a tale of “cyber kidnapping,” a term that has etched itself into the lexicon of cybercrime. So, first, let’s understand the meaning of cyber kidnapping and understand recent cases better.

What is cyber kidnapping?

The recent Utah incident with Kai Zhuang underscored the real-world consequences of cyber kidnapping cases, exposing the vulnerabilities individuals face online. In this type of cybercrime, bad actors use technology to trick families into thinking a loved one is in danger or missing, demanding money in return for their safety.

For Kai Zhuang’s parents in China, it all started with a ransom note and a troubling photo that suggested their son was being held captive. Fearing for his safety, they paid a hefty $80,000 to the alleged kidnappers. What’s unsettling is that Zhuang, under the influence of these cybercriminals, had been seen by the police before his disappearance but didn’t disclose his situation.

As the investigation unfolded, it became clear that cyber kidnappers not only use virtual threats but go a step further. They coerced Zhuang into isolating himself in the harsh Utah mountains, armed with little more than a tent, minimal supplies, and several phones used for the cyber kidnapping.

In simpler terms, cyber kidnapping is a digital scheme that exploits emotions and technology to convince people their loved ones are in danger, extracting ransom payments in the process. The Utah incident serves as a stark reminder of the real-world impact of this cybercrime, emphasizing the need for vigilance, online safety, and global cooperation to combat such digital threats.

How does cyber kidnapping work?

How do people fall for this? Cyber kidnapping is a complex and manipulative form of cybercrime that exploits digital communication channels to deceive individuals and extract ransom payments.

The process typically involves several key steps:

• Initial contact: Perpetrators initiate contact with the victim or their family through various digital channels such as email, instant messaging, or phone calls. They may use a variety of tactics to make their communication seem urgent, alarming, or threatening.
• Deceptive narrative: Perpetrators create a false narrative of danger, kidnapping, or harm, often supported by fabricated evidence such as ransom notes or distressing photos. The goal is to induce fear and panic, clouding the victim’s judgment and prompting them to comply with the demands.
• Ransom demand: The attackers demand a ransom for the release of the supposed victim. This demand is usually made in a form that allows for anonymous and untraceable transactions, such as cryptocurrency.
• Maintaining control: Cyber kidnappers often use technology to maintain control over the victim. This may involve monitoring the victim through video calls on platforms like FaceTime or Skype.
• Victims might be coerced into isolating themselves or taking photos as a means of ensuring compliance with the demands.
• Emotional manipulation: Emotional manipulation plays a significant role in cyber kidnapping. Perpetrators may threaten harm to the victim or their family, exploiting the emotional connection to increase the pressure on the victim to pay the ransom.
• Financial transaction: Once the victim or their family succumbs to the pressure, they make a financial transaction to the cyber kidnappers. This transaction is often in the form of a ransom payment to secure the release of the supposed victim.
• Virtual confinement: In some cases, victims may be coerced into isolating themselves physically, as seen in the Utah incident involving Kai Zhuang. The perpetrators use a combination of digital and psychological tactics to keep the victim under control.
• Discovery and investigation: Authorities or concerned parties may become involved when the victim is reported missing or when the cyber kidnapping comes to light. Investigations involve tracing digital footprints, analyzing communication channels, and sometimes collaborating with international law enforcement.

Authorities, when faced with cyber kidnapping cases, must navigate the intricate landscape of digital footprints, communication channels, and international collaboration.

Understanding the workings of cyber kidnapping is crucial for individuals and communities to recognize and resist these manipulative schemes. Staying informed, adopting cybersecurity best practices, and reporting suspicious activities are essential steps in mitigating the risks associated with cyber kidnapping.

Roblox biometric location tracking rumors are causing concerns. Visit the related article and learn Roblox’s official statement about it

Cyber kidnapping cases you need to know

While cyber kidnapping cases are not as commonly reported as some other cybercrimes, there have been instances that highlight the severity and impact of this digital menace.

Here are some cyber kidnapping cases:

• Kai Zhuang’s Cyber Kidnapping (Utah, 2021): A 17-year-old Chinese exchange student, Kai Zhuang, was reported missing in Riverdale, Utah. His parents in China received a ransom note and a distressing photo, leading them to pay $80,000 to cyber kidnappers. Zhuang was later found isolated in the Utah mountains, illustrating the real-world consequences of cyber kidnapping.
• Texas Police Officer’s Cyber Kidnapping (Texas, 2018): In 2018, a Texas police officer fell victim to a cyber kidnapping scheme. Perpetrators gained access to personal information and used it to convince the officer that his family was in danger. A ransom was demanded for their safety, highlighting the vulnerability even among individuals with law enforcement backgrounds.
• Chinese students targeted in Canada (British Columbia, 2017): In British Columbia, Canada, there were reported cases of cyber kidnappers targeting Chinese students. Perpetrators used digital means to deceive families into believing their children were kidnapped, demanding ransoms for their release. Authorities issued warnings to raise awareness among the Chinese student community.
• Virtual kidnapping scams in the United States (Various, Ongoing): Virtual kidnapping scams have been reported across the United States, where perpetrators make phone calls claiming they have kidnapped a family member. These scams exploit fear and urgency to extort ransom payments. Such cases highlight the widespread nature of virtual kidnapping schemes.

These cyber kidnapping cases underscore the global reach of cyber kidnapping and the diverse tactics employed by perpetrators to exploit individuals and their families. While not exhaustive, they emphasize the importance of cybersecurity awareness and preparedness to thwart such manipulative schemes.

IoT device security has become an increasingly pressing issue in recent years, as more and more devices become connected to the internet. From smart home appliances to medical devices, IoT devices have revolutionized the way we live and work.

However, the convenience and benefits of these devices come with significant risks. The vulnerability of IoT devices to cyber-attacks and data breaches has made their security a top priority for individuals, organizations, and governments around the world. In this context, understanding the risks and implementing best practices for securing IoT devices has never been more critical.

What is IoT device security?

IoT device security refers to the measures put in place to protect devices connected to the internet from unauthorized access, theft, and damage. IoT devices are typically small, low-powered devices that are embedded in everyday objects and are used to collect, process, and transmit data. Examples of IoT devices include smart home appliances, wearables, medical devices, and industrial equipment.

IoT devices are vulnerable to cyber-attacks due to their inherent design limitations, such as limited computing resources, lack of security features, and reliance on internet connectivity. Therefore, IoT device security involves implementing security protocols and mechanisms to mitigate these vulnerabilities and ensure that the devices and the data they collect are safe and secure.

Importance of IoT device security

IoT devices are increasingly being used in various industries to automate processes, improve efficiency, and enhance the user experience. However, this also means that they are collecting and transmitting sensitive data, which, if compromised, can have severe consequences for individuals and organizations.

Ensuring IoT device security is critical because it protects against data breaches, theft, and cyber-attacks, which can lead to financial losses, reputational damage, and legal liabilities. Moreover, compromised IoT devices can be used to launch large-scale attacks on other devices or networks, creating a ripple effect that can cause significant damage.

Risks associated with IoT devices

IoT devices offer many benefits, but they also come with various risks. The following are some of the risks associated with IoT devices:

• Privacy concerns: IoT devices collect vast amounts of data, which can include personal information, such as user location and behavior. This data can be used for nefarious purposes if it falls into the wrong hands.
• Cyber-attacks: IoT devices can be attacked by hackers who exploit vulnerabilities in their software or firmware. These attacks can cause the devices to malfunction or steal sensitive data.
• Malware: Malware can be introduced into IoT devices, which can then spread to other devices on the same network, causing widespread damage.
• Physical damage: IoT devices can be physically damaged or stolen, which can lead to loss of data and functionality.

IoT protocols 101: The essential guide to choosing the right option

Types of security risks in IoT devices

The following are some of the security risks associated with IoT devices:

• Weak authentication and authorization mechanisms: Many IoT devices use weak or default passwords, making them easy targets for cyber-attacks.
• Lack of encryption: Some IoT devices transmit data over the internet without encryption, leaving the data vulnerable to interception and theft.
• Vulnerable firmware: Some IoT devices use outdated or unpatched firmware, which can be exploited by hackers to gain access to the device.
• Insecure communication protocols: Some IoT devices use insecure communication protocols that can be intercepted by attackers to gain access to the device.

Examples of security breaches in IoT devices

There have been several examples of security breaches in IoT devices, including:

• Mirai botnet attack: In 2016, the Mirai botnet attack compromised thousands of IoT devices, including cameras and routers, and used them to launch a massive DDoS attack on DNS provider Dyn.
• Jeep Cherokee hack: In 2015, hackers remotely took control of a Jeep Cherokee through its internet-connected entertainment system, demonstrating the vulnerabilities of IoT devices in vehicles.
• St. Jude Medical pacemaker hack: In 2017, security researchers found vulnerabilities in St. Jude Medical’s pacemakers that could be exploited to deliver lethal shocks to patients.

The consequences of security breaches in IoT devices

Security breaches in IoT devices can have severe consequences, including:

• Financial losses: A security breach can lead to financial losses for both individuals and organizations, including theft of money and intellectual property.
• Reputational damage: A security breach can damage the reputation of individuals or organizations, leading to a loss of trust and potential customers.
• Legal liabilities: A security breach can result in legal liabilities, including fines, lawsuits, and regulatory sanctions.
• Physical harm: A security breach in certain IoT devices, such as medical devices, can result in physical harm to individuals, including injury and death.

Factors affecting IoT device security

There are several factors that can affect the security of IoT devices, including the complexity of the devices, their interconnectivity with other devices and networks, resource constraints such as limited processing power and memory, and a lack of standards and guidelines for IoT device security.

The vulnerabilities of IoT devices

IoT devices are vulnerable to various security risks, including weak authentication and authorization mechanisms, lack of encryption, vulnerable firmware, insecure communication protocols, and physical damage or theft.

How can data science optimize performance in IoT ecosystems?

The role of IoT device manufacturers

Manufacturers of IoT devices play a crucial role in ensuring the security of their products. They need to design devices with security in mind, implement robust security protocols, provide regular firmware updates and patches to address vulnerabilities, and follow industry standards and best practices for IoT device security.

The impact of user behavior on IoT device security

Users of IoT devices also have a significant impact on the security of these devices. They need to take steps to ensure that their devices are secure, such as changing default passwords, keeping firmware up to date, avoiding insecure communication protocols, and protecting physical access to devices. Failure to take these precautions can result in compromised devices and data.

Best practices for securing IoT devices

Securing IoT devices requires a multifaceted approach. Here are some best practices for securing IoT devices:

• Choosing strong passwords and updating regularly: Users should select strong passwords that are difficult to guess or crack, and update them regularly to prevent unauthorized access to the device.
• Setting up multi-factor authentication: Multi-factor authentication provides an extra layer of security to IoT devices by requiring users to provide multiple forms of identification before gaining access to the device.
• Disabling unused features: Disabling unused features on IoT devices reduces the attack surface and minimizes the risk of exploitation.
• Updating IoT device firmware: Manufacturers regularly release firmware updates to fix vulnerabilities and improve the security of IoT devices. Users should ensure that their devices are running the latest firmware version.
• Avoiding public Wi-Fi networks: Public Wi-Fi networks are often insecure and can expose IoT devices to various security risks. Users should avoid using public Wi-Fi networks to access IoT devices.
• Keeping IoT devices physically secure: Physical access to IoT devices can also compromise their security. Users should keep their devices in a secure location and protect them from theft and tampering.

By following these best practices, users can help ensure the security of their IoT devices and protect against potential cyber-attacks or data breaches.Solutions for securing IoT devices

Securing IoT devices is a complex and ongoing process, and it requires a combination of technical and organizational measures. Here are some solutions for securing IoT devices:

Using IoT device security software

There are many security solutions available that can help protect IoT devices from cyber-attacks. These solutions include firewalls, antivirus software, intrusion detection systems, and security analytics tools.

Implementing network segmentation

Network segmentation involves dividing a network into smaller subnetworks, each with its security controls. This helps limit the spread of cyber-attacks across the network and reduces the risk of unauthorized access to IoT devices.

Conducting regular vulnerability assessments

Vulnerability assessments involve identifying and analyzing potential security risks to IoT devices. Regular assessments help identify new vulnerabilities and allow for prompt remediation before they are exploited.

The strategic value of IoT development and data analytics

Educating users about IoT device security

Education and training programs can help users understand the risks associated with IoT devices and the best practices for securing them. This includes topics such as password management, firmware updates, and how to identify and report potential security incidents.

By implementing these solutions, organizations and users can take proactive measures to secure IoT devices and protect against potential cyber threats.

“IoT security is a marathon, not a sprint”

Securing IoT devices is an ongoing process that requires continuous effort and investment. As the number of IoT devices continues to grow, so do the challenges and risks associated with securing them. However, by recognizing that IoT security is a marathon, not a sprint, stakeholders can take a proactive and long-term approach to securing these devices.

This includes implementing technical solutions, such as firewalls and intrusion detection systems, as well as educating users and adopting best practices for IoT security. By working together and committing to the ongoing security of IoT devices, we can help ensure that they are safe and secure for years to come.

Apple rolls out new security features with iOS 16.2. such as advanced data protection for iCloud, iMessage Contact Key Verification, and Security Keys for Apple ID. These new tools will protect your most sensitive data and communications. But one of them was wanted for a long time; advanced data protection was finally introduced to users.

What are the other new iOS 16.2 features? How to turn on advanced data protection for iCloud? is iCloud safe for photos now? Keep reading and get the latest news about Apple and its new security features.

What is Advanced Data Protection for iCloud?

Apple refers to a number of privacy enhancements under the umbrella term “Advanced Data Protection,” an important element of which is end-to-end encryption of iCloud backups. Advanced data protection for iCloud enables end-to-end encryption for your iCloud backups, making it so that no one else—not even Apple—can access your iCloud data.

By default, iCloud already uses end-to-end encryption to secure 14 different kinds of sensitive data, including health information and passwords in iCloud Keychain. 23 different data categories, including iCloud Backup, Notes, and Photos, are fully safeguarded using end-to-end encryption for users who choose Advanced Data Protection for iCloud. Due to the requirement for interoperability with the international email, contacts, and calendar systems, the only three primary iCloud data types that are not included are iCloud Mail, Contacts, and Calendar.

“Apple makes the most secure mobile devices on the market. And now, we are building on that powerful foundation. Advanced Data Protection for iCloud is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”

Ivan Krstić, Apple’s head of Security Engineering and Architecture

With a few added levels of security, Apple’s new Advanced Data Protection for iCloud feature goes a step further and enables you to encrypt additional data in iCloud, such as:

• Device backups
• Messages backups
• iCloud Drive
• Notes
• Photos
• Reminders
• Safari Bookmarks
• Voice Memos
• Wallet passes

Data breaches and hacks are today’s biggest problems. Check out the latest data breaches and hacks before we continue: WhatsApp data leak, CHI Health data breach, Facebook data breach, Uber security data breach, American Airlines data breach, Medibank cyber attack, and Binance hack.

Why should you turn on Advanced Data Protection for iCloud?

With encryption, you are shielded from all kinds of bad actors who want access to your data. Data encryption is essential for your security, even if you believe you have nothing to hide.

Every day, we all share a lot of private information with people, like our phone numbers, birthdays, and the places we will and won’t be. And if you’re like most people, your iPhone probably has a Notes file with some extremely sensitive information in it. Imagine how harmful that if someone else could easily read that information.

We capture our valuables, loved ones, homes, and things that you might not want a complete stranger to browse through casually.

Additionally, your data is sought after by more than just identity thieves. Many data brokers would love free access to your most private information to create a more accurate digital profile of you.

They can then sell that data to advertising organizations that may view you as an easy target for a quick sale without cutting you in!

While encryption won’t completely stop them from tracking you, it can limit them from learning many things they shouldn’t.

Caution: This is an opt-in function; nothing is done for you automatically. This is a matter of accountability because if you lose access to your account and are unable to use a recovery method to recover it, your data is basically locked away indefinitely.

Here’s how to enhance your account’s security if you are ready to leap.

How to turn on Advanced Data Protection for iCloud?

Follow these steps and learn how to turn on Advanced Data Protection for iCloud:

• Enable two-factor authentication for your Apple ID.
• Update to iOS 16.2, iPadOS 16.1, macOS 13.1, tvOS 16.2, watchOS 9.2, or a newer version on all of your Apple devices.
• On an iPhone or iPad, open Settings (or System Preferences on a Mac) > [Your name] > iCloud > Advanced Data Protection > Account Recovery
• Choose recovery methods. You must configure at least one of these two settings (or both) to activate Advanced Data Protection.
  • Recovery contact: Choose a recovery contact from your contact list—someone you can easily contact if you lose access to your account and who also owns an Apple device. The recovery contact will receive a message with a link that they must tap or click to accept if you pick this technique. Now that they have the key, they can assist you in unlocking your account but cannot do so independently.
  • Recovery key: Create a recovery key, a 28-character code you can use if you ever get locked out of your account to gain access to it. It’s crucial that you store this key someplace secure because Apple cannot recover it for you. Write down the key if you decide to use this approach since you must verify it before using it.
• Return to Settings > [Your name] > iCloud > Advanced Data Protection, select Turn on Advanced Data Protection, and after that, adhere to the on-screen instructions.

When Advanced Data Protection for iCloud is turned on, web access is, by default, disabled files from iCloud.com. That means you can’t access anything there, but to temporarily enable access when necessary, navigate to Settings > [Your name] > iCloud and hit Access iCloud Data on the Web.

Consequences of data breaches: Google location tracking lawsuit settlement, Snapchat privacy settlement, Tiktok data privacy settlement, ATT settlement, T-Mobile data breach settlement, and Equifax Data Breach Settlement

New iOS 16. security features

Along with Advanced Data Protection for iCloud, Apple released iMessage Contact Key Verification and Security Keys.

iMessage Contact Key Verification

With the introduction of iMessage, Apple set the standard for end-to-end encryption in consumer communication services, ensuring that the sender and recipients could only read messages. Since its inception, FaceTime has also used encryption to safeguard the confidentiality of talks.

Users that confront severe digital dangers, including journalists, human rights advocates, and government members, can now choose to verify further that they are messaging solely with the persons they intend by using iMessage Contact Key Verification.

Most users will never be the target of extremely sophisticated assaults, but the function offers a crucial additional degree of security for those who might be.

If a highly skilled opponent, such as a state-sponsored attacker, were ever to succeed in penetrating cloud servers and inserting their own device to eavesdrop on these encrypted communications, conversations between users who have activated iMessage Contact Key Verification would receive immediate alerts. Users of the iMessage Contact Key Verification feature can also compare a contact verification code face-to-face, over FaceTime, or over another secure connection for even greater security.

Security Keys

In 2015, Apple made two-factor authentication for Apple ID available. It is currently the most used two-factor account security solution in the world, with over 95% of active iCloud accounts using this protection.

Thanks to Security Keys, users can now use third-party hardware security keys to further this protection. This tool is intended for individuals who frequently experience targeted threats to their online accounts, such as celebrities, journalists, and public officials, owing to their public personas. Users who choose to use Security Keys are strengthened.

iOS 16.2 new features

What is new in iOS 16.2? These are the upgrades and new features that iOS 16.2 brings:

• Freeform app
• Apple Music Sing
• Advanced Data Protection
• Stage Manager supports external display
• New Home app design
• Wallpaper and notifications for Always On Display
• Contacts only AirDrop
• Software updates
• Sleep Widget on Lock Screen
• Medication Widget on Lock Screen
• Game Center
• Messages Search
• Hide IP Address
• 5G in India
• Live Sports Scores on TV app
• TV App upgrades
• Weather App news
• Live Activities in the TV App
• Silent responses on Siri
• ProMotion Lag
• AirTag alerts
• Crash detection
• SOS calls
• Battery status shortcut

You can also check out Apple Newsroom for detailed information.

• In July, there were 198 reported ransomware attacks, a considerable increase from the 159 logged in July 2021 and a month-over-month and year-over-year increase.
• Additionally, the rise contradicts a generally reliable seasonal trend that witnessed a reduction in ransomware activity from May through June into July.
• This is corroborated by data from the consulting company NCC Group, whose Strategic Threat Intelligence team observed a 45% increase in ransomware attack occurrences for July over the same time last year.

This summer, ransomware operators are back with a fury as monthly assault volumes rise during a period when they usually decline.

The number of ransomware attacks increased MoM and YoY in July

This is supported by statistics from the consulting firm NCC Group, whose Strategic Threat Intelligence team noted a 45% rise in ransomware attack events for July over the same period last year. An increase from June’s 135 attacks to 198 attacks was seen by researchers.

According to NCC Group experts, some prominent ransomware gangs that had previously been hiding out have returned, which has led to an increase in attacks. Having increased their numbers and improved their tactics, those gangs reappeared in July with a vengeance.

“Following the considerable decrease from May to June (from 236 to 135), it is likely that the threat actors that were undergoing structural changes, such as the Conti operators and LockBit, have begun settling into their new modes of operating, resulting in their total compromises increasing in conjunction,” stated the NCC Group analysts.

Along with Conti and LockBit’s comeback, July saw the emergence of a few new ransomware operations. In a month where ransomware attacks increased from five in June to 23 in July, HiveLeaks ransomware operators particularly increased their efforts. With regard to monthly attacks, this was sufficient to move HiveLeaks up from seventh to second.

The most widely used ransomware variation, ahead of HiveLeaks, is still LockBit 3.0. The third-placed malware, Black Basta, was followed by Alphv and Clop, making up the top five.

“This month’s Threat Pulse has revealed some major changes within the ransomware threat scene compared to June, as ransomware attacks are once again on the up. Since Conti disbanded, we have seen two new threat actors associated with the group, Hiveleaks and BlackBasta, take top position behind LockBit 3.0. It is likely we will only see the number of ransomware attacks from these two groups continue to increase over the next couple of months,” said, Matt Hull, Global Head of Threat Intelligence at NCC Group.

The industrial sector was by far the most frequently targeted, with professional and commercial services being the most preferred victims, followed by building and engineering operations.

“Following two major cryptocurrency heists, Lazarus Group seem to be improving their crypto-theft and ransomware operations, so it is more important than ever to monitor their activity closely. Cryptocurrency organisations in the US, Japan and South Korea should remain on high alert,” he added.

The No More Ransom project rescued more than a million digital lives from ransomware gangs

Ransomware operators are driven to the vast attack surfaces that most industrial networks offer, according to NCC Group experts.

“Industrials is a sector that continues to be heavily targeted and successfully compromised due to its broad range of industries within, the costliness of operational disruption, and its vast distribution of operational technology and legacy systems,” said NCC Group.

The number of ransomware attacks increased month over month and year over year in July, with 198 documented ransomware attacks representing a significant rise from the 159 logged in July 2021.

The increase also breaks with a fairly consistent seasonal pattern that saw ransomware levels decline from May and June into July. The analysts pointed out that the development might not have been an isolated anomaly.

Crypto-enabled cybercrimes are on the rise

“As July’s increase takes place just after Conti’s integration into alternative ransomware groups (such as Black Basta) and LockBit’s third metamorphosis, it is likely that this year-on-year disparity is as a result of this,” explained NCC Group analysts. “No such activity was taking place in 2021, and as a result, June-July of 2021’s figures were possibly representative of general seasonal changes in activity,” they added.

• Digital currency proponents have long contended that cryptocurrency and other blockchain-based tokens, such stablecoins, are preferable to traditional finance.
• According to a new investigation by the research group SSRN, the rise of cryptocurrencies has significantly aided in the creation of a “entire criminal ecosystem” that has been built on top of them.
• The authors cite hacking, money laundering, con games, ransomware, “sextortion,” and a flourishing trade in illegal goods as examples of crimes and state that “obviously the data on these crimes are pretty murky.”

The latest statistics show that there are almost 14 million transactions connected to crypto-enabled cybercrimes. Advocates of digital currencies have long argued that crypto and other blockchain-based tokens, such as stablecoins, are a better alternative to conventional finance. Unaffected by geopolitics, national banks, wealthy financiers, insider deals, cartels, fraudsters, and other criminals, this financial system would be owned by the people and accessible to anybody with a phone or computer.

Nearly 14 million transactions related to crypto-enabled cybercrimes are detected

While others have long argued that the purported transparency and inviolability of blockchains would make it more difficult to commit fraud, theft, and financial crime, some even claimed until this year that cryptocurrency would be immune to the drops in value of fiat currencies that frequently occur in financial crises.

While no one disputes that blockchain has its own (boring) uses and that digital tokens have their own good applications, such as programmable money, financial inclusion, tech innovation, and faster, cheaper cross-border transactions, advocates’ loftiest assertions have generally been bunkum. In fact, the lofty rhetoric surrounding cryptocurrencies has frequently served more as a smokescreen for the conceit of currency speculators than as a manifesto for the future.

However, in today’s world, who can blame someone for wanting to gamble or make a fast buck? or to be wealthy enough to have food and heat their homes? The cost of energy is skyrocketing during a time of conflict, multinational corporations are making record profits, and our oceans are clogged with trash and waste. Fewer individuals today can afford to live in cities. So why not create a superior, more equitable capital system?

Unfortunately, years of gains for many crypto coins were lost relatively instantly in the spring. Even several stablecoins lost their links to the dollar, in one instance losing all of their value. A market with about two-thirds of all miners in that nation, many of which were powered by coal, is hardly free of geopolitics, especially before China tightened its controls on Bitcoin last year. (It is still the second-most popular location in the world for cryptocurrency mining.)

Also, millions of loyal followers on social media have allowed multibillionaires to use the platform as a legal kind of networked insider trading, allowing them to tweet about their holdings in niche coins with what appears to be impunity.

A fresh chance for criminals

In this brave new world, the small guy doesn’t stand a chance. But what about cryptocurrency fraud and other financial crimes that, in theory, will be permanently stopped?

According to a recent analysis from the research organization SSRN, the cryptocurrency explosion has in large part contributed to the development of a “entire criminal ecosystem” that has been constructed on top of it.

The authors note that “obviously the data on these crimes are pretty murky” citing hacking, money laundering, con games, ransomware, “sextortion,” and a booming trade in illegal commodities as examples of crimes.

The report states that:

“While the advent of cryptocurrencies and digital assets holds promise for improving and disrupting financial systems through offering a cheap, quick, and secure transfer of value, it also opens up new payment channels for cybercrimes.”

The researchers conducted “the first detailed anatomy of crypto-enabled cybercrimes” and highlighted the economic concerns that they give rise to by assembling a broad combination of public, proprietary, and hand-collected data, including dark web discussions in Russian.

The Russo-Ukrainian War rewrites the laws of cyber-warfare

“Our analyses reveal that a few organized ransomware gangs dominate the space and have evolved into sophisticated, corporate-like operations with physical offices, franchising, and affiliation programs. Their techniques also have become more aggressive over time, entailing multiple layers of extortion and reputation management.”

“Blanket restrictions on cryptocurrency usage may prove ineffective in tackling crypto-enabled cybercrime and hinder innovations. Instead, blockchain transparency and digital footprints enable effective forensics for tracking, monitoring, and shutting down dominant cybercriminal organizations,” the authors explain.

But what exactly is a “crypto-enabled cybercrime,” the report’s main topic?

“Decentralization, privacy, and anonymity have been the building blocks of the cryptocurrency movement since its inception over a decade ago. While the technology has spurred many innovations, cybercriminals’ adoption of cryptocurrencies has become a central issue in the crypto-regulation debate.

Ransomware attacks, money laundering activities, and various crypto-based scams have recently surged, prompting the US president to issue an executive order requiring agencies to establish a course of action. According to the Federal Trade Commission, cryptocurrency is the most reported payment method in frauds – surpassing bank transfers, wire transfers, and credit cards – accounting for $728.8 million (33.5%) of the 2022 year-to-date reports,” the report states.

Alleged cybersecurity issues of Twitter is causing a headache for the firm

It goes on to say that the rise of cryptocurrency has given crooks entirely new chances. For instance, to steal money, hackers take advantage of flaws in decentralized algorithms or centralized organizations like crypto-exchanges. But they must exercise caution, the report continues:

“In these types of attacks, coins are transferred to a blockchain address. Given that these transactions and addresses do not require real names, the attackers are initially anonymous. Indeed, the exploit is available for anyone to see, given that the ledger of all transactions is public here.

[However] while the original exploit is completely anonymous (assuming the address has not been used before), the exploiter needs to somehow ‘cash out’. Every further transaction from that address is also public, allowing for potential deployment of blockchain forensics to track down the attacker”.

Notice the mention of blockchain forensics’ “potential deployment.” Keep in mind that these are almost always transnational operations that may be utilizing phony IDs and networks of networks.

“Beyond stealing cryptocurrency via exchange and protocol exploits, traditional cybercriminal activities are now also enabled with a new payment channel using the new technology – the second opportunity our research focuses on. The use of cryptocurrencies replaces potentially traceable wire transfers or the traditional suitcase of cash, and is popular for extortion.

Criminal organizations also use cryptocurrencies to launder money. According to Europol, criminals in Europe laundered approximately $125 billion in currency in 2018 and more than $5.5 billion through cryptocurrencies,” the report says.

According to the authors, growing bitcoin acceptance also encourages other types of cybercrime, escalating the issue:

“Information about crypto-enabled cybercrimes is typically dispersed, private, and incomplete. Out of the 21,650 reported addresses [BTC addresses linked to criminal activities], sextortion leads the cybercrime report counts (33.8%), followed by blackmail scams (32.3%), and ransomware (23.9%). These three types of cybercrime jointly account for 94.4% of all reported entries on the Bitcoin Abuse system.

Microsoft blocks macros by default but cybercriminals are adopting new tactics

The number of reported related transactions provides a different picture concerning the most active type of cybercrime on the Bitcoin blockchain. Out of the total of 13.6 million crypto-crime-related transactions, ransomware leads most of the on-chain activity (42.5%), followed by Bitcoin tumbler [dispersing Bitcoin in multiple transactions and addresses] (32.0%) and others (22.4%),” the report states.

Nearly 14 million transactions related to cryptocurrency crime! What, though, can be done about it in reality? Government actions are made considerably more difficult by the nature of cryptocurrency markets and blockchains as a distributed, worldwide, people’s financial system. The report continues:

“A one-size-fits-all solution, such as restricting or banning cryptocurrency usage by individuals or organizations, is problematic for three major reasons. First, this is not a national problem. Blockchains exist across multiple countries and harsh regulations in a particular country or jurisdiction have little or no effect outside that country. As we have seen from other global initiatives (e.g. carbon tax proposals), it is nearly impossible to get global agreement.

Second, while an important problem, cryptocurrency plays a small role in the big picture of illegal payments. Physical cash is truly anonymous and, indeed, this may account for the fact that 80.2% of the value of US currency is in $100 notes. It is rare the consumers use $100 bills, and it is equally rare that retailers are willing to accept them.

Third, and most important, expunging all cryptocurrency use in a country eliminates all of the benefits of the new technology. Even further, it puts the country at a potential competitive disadvantage. For example, a ban on crypto effectively eliminates both citizens and companies from participating in Web 3.0 innovation.”

In other words, your money is gone once thieves convert digital bits into analog notes. But there is some optimism, according to the authors:

“The analysis in our paper points to a different tactic. While addresses are anonymous initially, funds are often transferred from one address to another in order to ‘cash out’. All transactions are viewable and immutable – a key feature of blockchain technology.

This opens the possibility of deploying forensic tools with a focus on tracking, monitoring, and identifying the crypto transactions attributed to criminals. Indeed, our research provides a glimpse of what is possible given the transparent nature of blockchains.”

Zscaler, the market leader in security services edge (SSE), unveiled a number of new features in its security platform that are intended for businesses who wish to implement zero trust in the cloud and manage risk from cyberthreats. The announcement coincides with Zscaler’s expansion of its partnership with Amazon Web Services (AWS) to offer a comprehensive solution for businesses migrating to the cloud.

Zscaler Zero Trust Exchange is now equipped with AI and ML capabilities

The Zscaler Zero Trust Exchange, a security cloud that processes more than 200 billion transactions each day and prevents 150 million assaults, now has AI and ML capabilities. These improvements will enable businesses to switch to SSE, which secures access to the internet, cloud services, and private apps. By safely tying together people, apps, and devices over any network, Zscaler makes SSE possible within the Zero Trust Exchange platform.

“The Zscaler Zero Trust Exchange™ is a cloud native cybersecurity platform built on zero trust architecture. Following the principle of least-privileged access, the platform establishes trust based on user identity and context—including location, device, application, and content—and then creates secure, direct user-to-app, app-to-app, and machine-to-machine connections,” the official website reads.

Because of the volume of data being generated by security systems, it is now impossible for humans to examine the data to identify threats and insights, making the usage of AI/ML essential.

Using Zscaler’s AI-enabled zero trust platform, which gathers real-time analytics on threat intelligence from 300 trillion daily signals, organizations can now recognize and stop phishing assaults. With the use of AI-enabled policy recommendations, the improvements also allow user-to-app segmentation to reduce the attack surface. On the basis of a risk score for users, devices, apps, and content, security teams can tailor policies.

Additionally, firms may carry out root cause investigation and address problems faster, preventing interruptions for users. Did you know that P-computers are the future for developing efficient AI and ML systems. This will enable companies to build a more secure working environment in the future.

Zscaler joins the CNAPP market 

A new Posture Control solution that targets hidden security vulnerabilities in cloud-native app environments was revealed with Zenith Live’s second announcement. Posture Control, which is integrated into the Zero Trust Exchange, enables devops and security teams to prioritize and address risks in cloud-native apps early in the development lifecycle, such as unpatched vulnerabilities and incorrect configurations.

Posture Control gives businesses an uniform platform and extends security right into development operations. Zscaler enters the market for cloud-native application protection platforms (CNAPP) with the release of this product. CNAPP is a word that Gartner recently used to define security that safeguards and secures cloud native application architectures, which include microservices and containers.

In order to secure cloud apps during runtime, Posture Control enhances the security features of Zscaler’s Workload Communications solution. Cloud-native and virtual machine (VM)-based apps operating on any service in any cloud can have the same development and runtime security thanks to Posture Control and Workload Communications. As a result, teams from security, IT, and devops can secure cloud apps without interfering with the development process.

Advanced threat and risk correlation is one of Posture Control’s primary characteristics. Multiple security concerns that separately seem low-risk but could potentially result in higher hazards when combined can be evaluated by the solution. Posture Control offers complete insight into hazards across multicloud systems, including serverless applications, containers, and VMs. To provide businesses more flexibility, Zscaler connects with all the main cloud providers, devops tools like GitHub, and development platforms like VS Code.

The relationship between AWS and Zscaler is now extended

Another cloud service provider with a long history of working with Zscaler is AWS. Organizations looking to streamline and consolidate their cloud security operations will now have access to new capabilities thanks to the firms’ collaboration. For instance, AWS is used to operate and build Zscaler’s Posture Control. Zscaler claimed that it selected AWS as the cloud service provider for the solution due to the breadth of offerings, scale, dependability, and popularity among Zscaler’s clients.

Through its Zero Trust Exchange technology, Zscaler also expanded zero-trust security to workloads on AWS. AWS native technologies like Gateway Load Balancer, AWS Secrets Manager, AWS CloudFormation, and AWS Auto Scaling have been integrated with Zscaler. Additionally, the Zero Trust Exchange now directly grants zero trust access to mobile network-connected devices to safeguard workloads operating on AWS Wavelength. The exchange security is a hot debate in the sector and cloud banking was in the spotlight at London Tech Week 2022.

Today, everyone is concerned about cybersecurity, and they should be. Cyber-attacks are on the rise, yet whenever a new IT development appears related to blockchain, people inquire: How safe is blockchain technology? It is an effective tool for ensuring data integrity. But that doesn’t imply it’s completely secure. Before we get started, here is a list of the best blockchain books in 2022 for better understanding. You may have heard about the blockchain talent gap and started to ask what is a blockchain developer. But unfortunately, you find some blockchain implementation challenges and security issues. Don’t worry; we have all the answers. So let’s take a closer look at the issues that threaten blockchain security.

Blockchain security issues and challenges in 2022

The blockchain has grown in popularity over several years as the cryptocurrency markets have moved toward center stage. One reason for its rapid adoption is that blockchain was created to provide unrivaled security to digital data. Rather than cryptocurrencies, there are several blockchain use cases, such as blockchain gaming.

Blockchain—also known as distributed ledger technology—and the cryptocurrencies it powers have experienced plenty of success and failure in their brief existence. And as its applications expand, blockchain security has become essential—not just for cryptocurrency investors.

Blockchain is a decentralized, distributed ledger that maintains a record of all transactions. To guarantee transaction trust it relies on consensus, decentralization, and cryptography. However, many blockchain security problems have already emerged due to bad technology applications.

In theory, because blockchain is decentralized by design, it is an ideal technology for cybersecurity. The ledger technology has a wide range of applications in areas such as medical and financial data sharing, anti-money laundering monitoring, and encrypted messaging platforms. But in practice,

• The blockchain has already been hacked.
• You can make mistakes when using the blockchain and open yourself up to insecurity.
• Like any other software, Blockchain apps are susceptible to the same flaws as other programs: coding errors and vulnerabilities that allow hackers to gain a foothold.
• The security of blockchain applications, technologies, and services is dependent on their inherent weaknesses.
• We have yet to witness a blockchain-based large-scale application, which might destroy it.
• The blockchain is only as secure as the computing power that runs it. As more powerful computers and sophisticated algorithms begin to dominate the market, hackers will increasingly have an advantage.
• Hackers will always compromise the security of the blockchain in some way.

However, if you do your research correctly, you can always be ready for problems. What are these issues, though?

Phishing attacks

A phishing attempt is when a fraudster tries to access a user’s credentials. Fraudsters send email messages that appear to be from a legitimate source and ask users for their wallet keys. Users are requested to provide their credentials using fraudulent links in the emails. Having access to a user’s sensitive information and credentials may result in losses for both the user and the blockchain network.

Routing attacks

Digital assets and transactions are recorded on blockchain ledgers in real-time. Hackers can tamper with data as it travels from the user to internet service providers. Blockchain participants are typically unaware of the danger since they can’t see it, so everything appears normal. On the other hand, fraudsters have access to sensitive information or money.

Sybil attacks

Hackers may use a Sybil attack to create and utilize many fraudulent network identities to clog the network and bring it down. The term “Sybil” refers to a memorable figure from a famous book that was afflicted with a multiple personality disorder.

51% attacks

Mining necessitates significant computing power, especially for large-scale public blockchains. However, if a miner or a group of miners gathered enough resources, they could seize more than 50% of the network’s mining power. Having more than 50% of the power implies having control over the ledger and the ability to modify it.

51% attacks are not possible on private blockchains. If you don’t know what private blockchain is, we have already explained 4 types of blockchain, including it.

So, how can we prepare against these blockchain security flaws?

Blockchain security best practices

Consider the following essential questions while developing a blockchain solution:

• What is the governance structure for participating organizations or members?
• What information will be included in each block?
• What are the relevant regulatory standards, and how can they be met?
• How are individuals’ details handled? Are block payloads encrypted? How are keys generated and revoked, and how are they secured?
• What is the plan for surviving in the event of a breach?
• What is the bare minimum security posture for blockchain participants?
• What’s the logic behind resolving blockchain block conflicts?

When creating a private blockchain, make sure it’s built on a secure and stable foundation. Poor technological choices for business requirements and procedures can expose data security vulnerabilities.

Consider both business and governance risks. Financial issues, reputation concerns, and regulatory issues are examples of business risks. Blockchain solutions’ decentralized nature raises governance risks, which need tight control over decision criteria, rules, identity, and access management.

Blockchain security is all about managing blockchain network threats. A blockchain security model comprises the plan to use security measures for these controls. To ensure that your blockchain solutions are adequately protected, develop a blockchain security model.

Administrators must build a risk model to address all types of risks to the blockchain solution. Administrators must then assess the dangers to the blockchain solution and develop a threat model. After that, they must outline security measures to reduce threats and risks based on the following three categories:

• Ensure that unique security controls are in place for blockchain.
• Use traditional security methods
• Implement corporate policies on blockchain

You can check the cybersecurity best practices article for a better understanding. Besides them, you may always learn something new.

3 best blockchain security certification courses in 2022

Blockchain certification is a process that gives individuals the required set of abilities to be competitive blockchain experts. Second, it allows you to work in the blockchain sector with confidence, competence, and authority. You could apply for blockchain security positions or get ready for blockchain security vulnerabilities.

Certified Blockchain Security Expert (CBSE)

Certified Blockchain Security Expert (CBSE) teaches you how to think about blockchain security from both a theoretical and practical standpoint. You will have a greater understanding of blockchain security threats, be better able to carry out a vulnerability assessment and blockchain threat modeling, as well as learn how to construct secure blockchain systems after this course.

Cost: $399

Certified Blockchain Expert (Blockchain Council)

The Blockchain Council Certified Blockchain Expert certification is a self-paced, 8-hour course that teaches students about blockchain technologies, mining, and security procedures. Students are educated on real-world applications for blockchain technologies in various verticals such as finance, healthcare, insurance, government, and telecoms.

Cost: $149

Certified Blockchain Security Professional (CBSP)

The CBSP exam is a sought-after credential for demonstrating your knowledge of Blockchain security. You’ll be quizzed on Blockchain network risk identification and prevention and the use of best practices and risk reduction techniques. A prep course and a study guide are included in the full package.

Cost: $545

After all this certification and training, it wouldn’t be surprising if you look at blockchain security jobs. But do they make enough money to be worth all the effort?

How much is a blockchain security salary?

The average yearly salary for a blockchain security specialist in the United States is $157,500, or $80.77 per hour. Salaries can differ significantly depending on the economic climate in each nation, as we saw in cloud computing jobs. For job advertisements, you may go to the websites of top blockchain security firms.

Best blockchain security companies in 2022

Cyber Security’s adoption of Blockchain has provided the means to provide agile solutions for data security and protection. Hacker intrusions compromise systems and devices. Businesses are using blockchain as a defensive measure against cyber assault threats. The following advantages are advanced confidentiality and integrity, secure messaging, authentication fortification, strengthened public key infrastructure, and more. So, these are some of the best blockchain security companies:

• Chainalysis
• Simplex
• Casa
• Hacken
• Armors Labs

In the era of the digital workplace, enterprises are utilizing cutting-edge technologies and today we are going to discuss how AI in security systems could help businesses increase their cybersecurity.

Artificial intelligence (AI) is becoming more prevalent than you may realize. AI technology is used in a variety of important industries, including healthcare, transportation and finance, as it automates processes and allows people to work more efficiently.

Detecting threats can be done by AI in security systems

AI is being introduced into commercial security systems and beginning to change technology. Modern security systems with AI capabilities can assist security personnel in better detecting threats and reacting more quickly to safeguard their company.

AI can be used by businesses to allow security operators to analyse data more effectively and streamline processes, allowing teams to shift their attention away from less important concerns in order to better detect anomalies as they develop.

AI in security systems allows your teams to give improved and faster responses to threats, enhancing the security of your business.

Another application for AI is to automate responses using its learning capabilities. AI can be utilized to analyze data patterns over time and learn from them. By automating routine procedures, AI frees security teams to focus on the most important issues.

In many cases, AI allows users to complete essential activities more effectively while still maintaining data safety and organizational standards for optimum performance. AI technology is also able to assist in the analysis of combined data streams, as it can be used to analyse both physical and cybersecurity systems. You can also learn how does AI overcome the fundamental issues with traditional cybersecurity, by visiting our article.

Learned behaviors can help security teams control the millions of data points coming from across an organization’s multiple systems by pinpointing issues with automated notifications and conducting efficient audits over time.

If your security team repeatedly dismisses a specific warning on their video surveillance system, an automated response will develop that AI technology will identify. It may result in an automated response to delete this alert, resulting in fewer unneeded alerts.

AI is able to quickly process data and make decisions based upon it, eliminating the need for manual labor. However, it’s critical that your system keeps a log of all alerts and activity so that it may be reviewed on a regular basis to ensure optimal performance.

AI enhances accuracy of security systems

Automated responses and processes provided by an AI may have a major influence on the productivity and accuracy of your converged security system. There is a need for security teams to be more flexible and accessible as employees adopt more hybrid schedules. Cyber and physical security teams can benefit from AI’s adaptability and efficiency even as data and information grow in volume.

By analyzing activities across your infrastructure and detecting unusual activity, AI in security systems can eliminate unnecessary responsibilities on your converged security team, allowing them to devote their attention to more essential things.

For instance, if a delivery person rings the doorbell on the reader, the intelligent voice system may pass the call to the correct individual based on responses from the visitor. Depending on tenants’ availability and door open/close timings, calls may be routed to secondary teams or a voicemail service.

AI in security systems can be used to assist your personnel in identifying which areas require immediate attention, generating real-time alerts, and increasing productivity to guarantee that your company remains safe and performs at its best.

AI can be used to enhance commercial security systems in a number of ways. Detecting anomalies and behaviors are two excellent examples. It’s tough for security experts to keep track of each and every occurrence on the network, so data-driven AI learns to identify particular changes or patterns.

User interactions, data packages delivered throughout the net, and network hacking attempts are all examples of such unexpected patterns that AI may identify. Using a baseline of what is normal and what isn’t, AI can spot unusual network activity. Video security software can use AI to notify security personnel to look for out-of-the ordinary motion or conduct. For example, Ava Aware’s video security software uses artificial intelligence to identify unusual motions or behavior.

When an AI detects something unusual, it can notify security personnel, allowing them to assess and respond. Even if your security team is away from the workplace, remote access and real-time alerts would allow you to keep your on-premises and cloud-based security systems secure.

AI isn’t flawless. Although it is beneficial in detecting anomalies to normal patterns and assaults, it isn’t perfect. Advanced attacks may disguise their signature and deceive AI in security systems into disregarding the danger. Not only security, but AI in manufacturing is also shaping the future of Industry 4.0.

It’s still crucial to monitor and intervene, and you should never rely on AI alone to secure your security systems. Overall, AI can help your team identify threats and abnormalities across your security system on a large scale, allowing security teams to proactively safeguard your company.

The healthcare industry, like many sectors, is undergoing a substantial data-driven transformation. New technologies like telehealth platforms and the internet of things (IoT) generate more granular medical data and make it more accessible. While this has many benefits, it also raises considerable healthcare data security concerns.

There were 714 healthcare data breaches of 500 or more records in 2021, almost doubling 2018’s figure. Personal health information (PHI) is highly sensitive, making it a tempting target for cybercriminals. As the industry becomes increasingly data-centric and embraces new data-sharing technologies, security must evolve alongside it.

Here’s a closer look at the future of healthcare data security.

Changing regulatory landscape

One of the most substantial changes taking place is an evolving regulatory landscape. Laws like HIPAA provide little specific guidance for today’s data transfer and security needs, so new legislation will likely replace or amend them. Data professionals in the sector must prepare to adapt to these changing regulations.

The Trusted Exchange Framework and the Common Agreement (TEFCA) is one such new regulation. While TEFCA is a non-binding agreement, many healthcare organizations will likely join it to enable easier cross-country medical data sharing. Participants’ data workers must then ensure their processes don’t fall under new definitions for information blocking and meet TEFCA’s security standards.

Even regulations that aren’t necessarily about security will impact data privacy considerations. The No Surprises Act, which applies to virtually all health plans in 2022, prohibits billing for emergency services by out-of-network providers. This will likely require more remote data sharing, which data professionals must ensure is secure.

Increased patient access and control

Another trend that’s reshaping healthcare data security is increasing patient access. Consumers demand more transparency and control over their medical information, and technologies like telehealth provide it. Balancing this accessibility with privacy may prove challenging.

Limiting access privileges is crucial in data security, so expanding access to patients who may lack thorough cybersecurity awareness raises concerns. Basic human error accounted for 31% of all healthcare data breaches in 2019, and medical organizations can’t train consumers as they can employees. Therefore, data professionals must design a data access platform that accounts for users who will likely make mistakes.

By default, medical apps and consumer IoT devices should enable security measures like two-factor authentication and encryption. Teams can also lean into increasing user control by informing users of relevant security concerns and letting them choose how these apps use their data.

The rise of synthetic data

Machine learning is also gaining rising prominence in healthcare applications. Intelligent algorithms can help make faster and more accurate diagnoses and enable hyper-individualized healthcare, but training them poses a problem. Data scientists must ensure they don’t accidentally expose sensitive medical information while building these models.

The answer lies in synthetic data. Using this artificially generated information instead of real-world PII eliminates the risk of accidental exposure during training. The Office of the National Coordinator for Health Information Technology (ONC) has recognized this need, leading to the creation of Synthea this year.

Synthea is a healthcare data engine that generates synthetic medical records based on publicly available health information. Similar resources could arise in the near future, too. As machine learning in healthcare rises, data scientists must embrace these tools to train models on synthetic data instead of the riskier but potentially more relevant real-world PII.

Healthcare data security is evolving

The rise of data-centric technologies and processes presents both a boon and a challenge for data professionals. This evolution in industries like healthcare offers new, promising business opportunities, but it comes with rising security concerns. As data scientists help the sector capitalize on digital data, they must ensure they don’t increase cyber vulnerabilities.

These three trends represent some of the most significant changes in the future of healthcare data security. Data professionals must monitor these developments to adapt as necessary, providing optimal value while improving safety and compliance.

Phishing email detection is key in order to prevent cyber-attacks through which fraudsters entice users to send money and sensitive information, or to install malware on their computer, by sending them fraudulent emails or messages. Because phishing attacks have grown more prevalent, developers have worked hard to create more sophisticated detection tools in order to protect potential victims.

What is the phishing email detection tool?

A technique created by researchers at Monash University and CSIRO’s Data61 in Australia may assist users to avoid installing malware or sending valuable data to cyber-criminals. This phishing email detection method was originally published on arXiv and will be presented at a cyber-security conference called AsiaCCS 2022.

One of the researchers, Tingmin (Tina) Wu told: “We have identified a gap in current phishing research, namely realizing that existing literature focuses on rigorous ‘black and white’ methods to classify whether something is a phishing email or not.”

Researchers have attempted to build a phishing email detection model that can automatically scan emails in people’s inboxes and identify phishing emails. Most of these approaches, on the other hand, were found to just detect a small number of patterns, leaving many harmful emails undetected.

“In contrast with other ‘black and white’ methods, we hand the power to decide whether something is suspicious over to the users, by equipping them with easily understandable machine results and conversions,” Wu said. “The reasoning behind this is that recent phishing attacks might not have obvious malicious patterns but instead can leverage human psychology to persuade users to hand over their personal information,” she added.

Researchers were seeking a solution when they noticed that automated phishing email detection methods didn’t deliver good results. Researchers began focusing on the development of detection support tools, such as security warnings, which allow users to make the last decision about whether to delete emails or not. These alerts, however, were also found ineffective since they might be too technical for basic users.

Researchers created phishing detection alternatives for non-expert users

For this purpose, the researchers established out to create an alternative tool for non-expert email users to identify which messages are safe and which are hazardous. The summary they created was intended to be more “digestible,” highlighting emotional triggers, the major content of the text, and the outcome of an intent analysis.

“Our system summarizes phishing emails from three different angles to users to make informed decisions,” Wu explained. “Firstly, we summarize the emails using a variety of machine learning models to create an accurate, short summary so that users can quickly be aware of the most important content in the email,” she added.

The phishing email detection tool developed by Wu and her colleagues watches for the possible goal of phishing emails after it creates a digestible summary of email content, in order to help users make more informed decisions about what to do with the message. It displays them if an unknown contact’s email asks them to click on a link, for example. Finally, the approach developed by researchers seeks to identify emotional triggers as well.

“We derive a model to extract the cognitive triggers based on the language used in the emails. One example of a psychological weakness used by attackers is that users might tend to obey the request when it comes to punishment if not complying with it. The information from these three branches is merged to support users to make the final decision,” Wu explained.

Rather than merely detecting and filtering potentially harmful emails, the method developed by Wu and her colleagues simulates a summary of emails that users may then use to determine what to do with various messages in their inbox. Non-experts can learn to recognize typical patterns in phishing by themselves if they use the tool on a regular basis.

The researchers’ model integrates a variety of cutting-edge phishing email detection techniques into a single, succinct “informational package.” In contrast to previous proposals, it offers consumers chances instead of “hard truths,” preventing mistakes that might result in critical communications being lost.

“Our system is designed to address the challenges of improving the readability and effectiveness of generated information on phishing emails. While most of the current warnings are generated based on the URL, our method focuses on generating useful information around the intention of the emails. That is, to help users identify the phishing attempts by better leveraging their contextual knowledge and aim at the latest trending tactics, e.g., using phishing emails that can easily bypass URL-based detection,” Wu said.

The recent research conducted by this team of researchers offers a new approach for reducing the impact of phishing attacks that do not rely on error-prone automatic systems or pop-up windows that users usually overlook. The group has so far produced a proof-of-concept version of their program, but they now intend to expand it further.

“We now plan to continue improving our system. We will keep collecting the new datasets and make sure the model can extract the useful contents from the emails no matter how the attacking tactic evolves. We will also conduct a large-scale user study to ensure the system is user-friendly and effective,” Wu explained.

In the future, Wu and her colleagues’ phishing email detection tool might open up new possibilities for fighting cyber-attacks. It could also help email providers train basic users to identify these malevolent communications on their own, lowering their impact.

“Human-centric systems are the first step toward leveraging the complementary intelligence of humans and machines. Some future studies are still needed, e.g., to investigate the impact of the human factors on the final decision, to understand users’ habituation in long-time interacting with the warnings and implementing the system in a broad area in cyber-security, not only phishing,” Wu said.

IoT security is a subset of information technology that focuses on securing connected devices and internet of things networks. When bad actors search for IoT security flaws, they have a high probability of hacking vulnerable devices. Industrial and equipment connected to them robots have also been hacked. Hackers can alter control-loop settings, interfere with manufacturing logic, and change the robot’s status of those devices.

While the Internet of Things revolution benefits manufacturers and consumers, it also comes with significant security concerns. As more devices are connected, the difficulty of securing them all increases dramatically. IoT devices require physical security, software, and network integrity to function correctly. Any connected object, from refrigerators to industrial robots, can be hacked without end-to-end security mechanisms.

What is IoT security?

IoT security refers to the various techniques used to secure connected devices. The term “Internet of Things” is comprehensive. With technology continuing to advance, the term has only grown more so. Today, almost every technological device can connect to the internet or other gadgets, from timepieces to thermostats, refrigerators, and video game consoles. IoT security is a collection of methods, tactics, and tools for securing these devices from being hacked.

IoT security is much more extensive than just protecting the Internet of Things devices. This has led to many IoT security solutions falling under the category. API security, public key infrastructure authentication, and network security are just a few methods that IT executives may utilize to combat the increasing danger of cybercrime and terrorism based on insecure IoT devices.

IoT Security by design

Security by design is a way to ensure that security is a primary consideration at every stage of product development and deployment. By keeping security in mind from the start, you can deliver a secure application or system. Products developed with this approach are called “secure by design.”

Security by design entails building security into software and hardware from the ground up rather than as a post-hacking measure. As technology firms continue to produce a slew of IoT goods for customers and businesses, the need for security by design has never been more critical. Because these internet of things gadgets are linked to the internet, they are vulnerable to remote hacking. Furthermore, most of these gadgets were built without any security measures, making them ideal targets for hackers.

Historically, security requirements in hardware deployments and IoT design instances used to be postponed to late phases of development processes. The secure by design approach changes this by favoring security in every development phase, instead prioritizing speed to market.

The security by design approach requires that IoT security be addressed initially. Devices must be secured in the proper location and at the appropriate level to meet each implementation’s requirements.

A secure IoT architecture must start with security design. Secure data encryption, digital signatures of messages, and over-the-air device and security updates require pre-embedded identifiers and encryption keys.

During the design process, security by design strategy applies to establishing a solid foundation of trusted digital device identifiers and credentials securely stored in the foundations of devices. Device cloning, data falsification, theft, or misuse can all be prevented with secure credentials. Organizations can protect extra sensitive IoT applications against physical and digital access attempts by storing IDs and credentials in tamper-resistant bodies.

IoT security challenges

IoT security is an issue for businesses since the devices they deploy are likely to have several security flaws. IoT devices are not always running the most up-to-date version of their operating systems, which implies that the IoT device’s operating systems may contain known vulnerabilities that attackers can use to control or damage these IoT devices.

• IoT devices rarely come with built-in security mechanisms and tools. Because of this, the attacker has an excellent chance of infecting the devices with malware that allows them to use them in an attack or access sensitive data collected and processed by IoT devices.
• Even those designed to be secure and safe, every software must be maintained with updates to function securely or adequately. The unique deployment problems of IoT devices make it unlikely that they will receive regular upgrades. These security gaps make the devices highly vulnerable to targeted attempts.
• IoT devices face several password-related difficulties. Manufacturers frequently set default passwords for their devices, but users do not change them before or after installation. Manufacturers also embed hardcoded passwords in their systems that users cannot modify. The weak passwords used on these IoT devices put them at significant risk. Attackers can just log in to these systems with little effort using these easily guessed passwords or simple brute-force attacks.
• IoT devices are frequently built to be placed in public and remote areas where a hacker may gain physical access to them. This physical access might enable the intruder to go around existing security measures within the device.
• Specific network protocols have been classified as no longer recommended. because of their lack of built-in security. However, IoT devices are notorious for utilizing these unsecured protocols, putting their data and privacy at risk. IoT security is a crucial element of any organization’s cybersecurity strategy since all these threats represent significant risks.

Common cyberattacks targeted against IoT devices

Due to the popularity of these gadgets being put on business networks, IoT devices pose a significant risk to enterprise cybersecurity. These devices are frequently vulnerable to attacks. Cybercriminals have used these flaws to launch various typical assaults on IoT devices. The common IoT attacks are direct exploitation, botnets, and data breaches.

Printers and scanners are common access points to an organization’s network for hackers. Since everyone needs to be able to use the printer, these devices are rarely protected by firewalls and frequently have exceptional permissions. Attackers may use this to gain initial access to a network via the printer, subsequently expanding their access via the corporate network.

IoT devices are computers linked to the internet, allowing them to be used for automated assaults. Hackers might utilize an IoT device to launch Distributed Denial of Service (DDoS) attacks, attempt to obtain unlawful entry to user accounts via credential stuffing, spread ransomware or other malware, or take various harmful actions against an organization’s systems if a botnet has compromised it.

Sensitive data, significant operations, and cloud subscription services are all common in IoT devices, making them a significant target for hackers. For example, accessing connected cameras or cloud services might allow attackers to obtain potentially sensitive data or other valuable information.

Internet of Things (IoT) solves the critical problems of many sectors, from production to health, from transportation to logistics. However, the increasing security risks for IoT networks require caution when taking advantage of connected devices.

Interconnected IoT objects are not the same devices, objects, or services. Each object has a different purpose, interface, operating mechanism, and underlying technology. Given this diversity, applying a single security structure and approach for all objects is not enough to provide the security needed for IoT networks. IoT security initiatives protect IoT devices connected over a network with preventive methods and aim to prevent large-scale cyber-attacks that can be carried out over them. Like any other computing device, IoT devices are potential entry points for attackers to breach a company’s network. Therefore, robust security measures are needed to protect them.

Today, the scope of IoT has expanded to include traditional industrial machines, equipping them with the ability to connect and communicate with a network. You can see that IoT technologies are now used in medical devices or for various purposes such as education, manufacturing, business development, and communication. Increasing use cases make the security of IoT networks more critical than ever before. According to the Gartner, 61 percent of companies’ IoT networks and strategies show a high level of maturity.

IoT devices can connect to a network or the Internet to exchange data with other connected objects or centers. These devices are not limited to smart TVs or smartwatches. Printers, washing machines, air conditioners, smart sensors, and other industrial machines connected to networks are also IoT devices. The way IoT is implemented today requires institutions and organizations to have ecosystems consisting of many different devices. It is crucial to utilize a combination of IoT security solutions, strategies, and techniques rather than traditional approaches to ensure the security of this ecosystem.

Security tips for IoT networks

Companies can take a few main measures to ensure the security of their IoT networks. These include using authorized software on IoT devices and authenticating an IoT device on the network before collecting or sending data. Because they have limited computational capability and memory, it is necessary to set up firewalls to filter packets sent to IoT endpoints.

On the other hand, you should also ensure that updates and patches are installed without consuming additional bandwidth. In addition to the general security measures above, we recommend that you consider some unique security approaches when planning the security of IoT devices. In addition to device and network security, you also need to ensure the physical safety of the overall IoT and communications infrastructure.

You can adopt the following security approaches to secure IoT devices:

• Ensure physical security: Keep IoT devices relatively isolated and protected from physical access.

• Deploy tamper-proof devices: Use tamper-proof IoT devices. These devices deactivate themselves when tampered with.

• Keep firmware up-to-date: Be proactive in applying updates and patches to your devices as soon as manufacturers release them.

• Run dynamic tests: Run tests to uncover hardware code weaknesses and vulnerabilities.

• Set device replacement procedures: Set procedures for replacing IoT devices when they become obsolete. Carelessly discarded or discarded devices can pose a threat to corporate data and serve a variety of malicious purposes that harm your organization.

• Use strong authentication: Avoid default passwords that pose a password hacking threat. Use complex passwords for authentication and update them periodically.

• Leverage adaptive authentication: Adaptive authentication, or context-sensitive authentication (CAA), uses contextual information and machine learning algorithms to assess malicious intent. In this way, users are asked to perform two-factor authentication in scenarios that are perceived as high risk.

• Implement strong encryption and protocols: Allocate secure data transfer media using strong encryption on Bluetooth, Zigbee, Z-Wave, Thread, Wi-Fi, cellular, 6LoWPAN, NFC, and similar IoT protocols.

• Limit device bandwidth: Limit network capacity and bandwidth to the lowest possible value, sufficient for device operation but not usable in IoT-based distributed denial-of-service (DDoS) attacks.

• Segment the network: Divide your network into smaller local IoT networks using virtual local area networks (VLANs), IP address ranges, and a combination of these. This partitioning process allows you to create different security zones and specify different segments controlled by firewalls.

• Protect sensitive information: Prevent sensitive personally identifiable information (PII) leaks by restricting the discovery of IoT devices. Require authorized clients to implement appropriate service mechanisms and authentication protocols to discover the IoT device.

Towards the end of 2021, the Facebook (now Meta) family of apps cost the company nearly $100 million in revenue thanks to a six-hour-long outage. In addition to revenue losses, it drove millions of users to rival platforms, such as Twitter, Telegram, and Signal.

The problem of website downtime is not limited to behemoths like Meta. Uptime Institute’s 2021 Global Data Center Survey reveals that outages are an expensive business for all. Over 60% of the respondents reported losing more than $100,000 to downtime, and of that 60%, 15% lost over $1 million. 

So it’s no surprise that companies from SMEs to corporates are looking to mitigate downtime as much as possible. One of the most common weapons in the armory is a content delivery network (CDN), a distributed group of servers that work together to provide fast delivery of Internet content.

Because CDNs cache content like web pages, images, and video in proxy servers near to the physical location of the visitor, the originating website could be experiencing issues, but visitors will still get the latest version of the content in your browser. CDN platforms also offer other significant security benefits, and increased website speed aids SEO since Google and others pay attention to how fast pages load.

Mlytics – a digital content delivery and experience monitoring provider – has launched a complete “belt and braces” approach to CDNs, providing its users with a SaaS-based platform that optimizes between multiple providers.

The AI-powered solution re-routes traffic to the most effective CDN’s globally. The routing decision is based on live data such as efficiency or outages, which then avoids disruptions and optimizes the experiences from top to bottom in a way conventional CDN’s aren’t able to do.

“The beating heart of Mlytics is its proprietary Multi CDN solution, leveraging multiple top-tier CDN networks and a smart load balancing solution to constantly deliver the best possible website performance and therefore user experience for any location,” Tars Geerts, Demand Generation Manager of Mlytics, told me,

The platform allows access to the leading CDNs and then manages the process of leveraging each platform’s features.

“Top-tier CDN solution providers like Cloudflare, Fastly, and Akamai all have reliable solutions and have proven to elevate their customers’ websites performance and security,” Geerts said. “However, single CDN solution providers can be – and as recent history has shown – are still causing downtime whenever their services experience bugs or technical glitches.”

Importantly, implementing the solution is straightforward, achievable with a few clicks, and the company claims that ongoing management is minimal.

“In essence, it is possible just to set up the account and let the platform with its load balancing solution run its course,” Geerts said. “In other words, there is no extra maintenance required. On the contrary, almost everything is fully automated. On average, the setup and implementation of a Multi CDN solution via the Mlytics platform takes less than 5 minutes if customers choose to use Mlytics DNS, or about 20 minutes, depending on how long it takes to set up your DNS.”

Of course, you may already be wondering what it might cost to maintain multiple CDNs and then add Mlytics on top. With pricing plans from free to $500 a month and a custom enterprise plan, MLytics says that CDN costs are typically not affected.

“By default, users will have access to 3 different CDNs, namely Cloudfront, Stackpath, and GMA, and no additional costs are calculated for these CDNs,” Geerts said.

Recently, MLytics was officially recognized in Gartner’s Market Guide for Global CDN, and it has plans to expand its solutions beyond its current offerings.

“Mlytics is building an ecosystem, built to enhance digital experience delivery and monitoring,” Geerts said.

It may not be the answer for the “S” in SME. Still, given the revenue, user, and reputational losses involved in downtime, and the risk of putting all eggs in one CDN basket, it certainly offers an interesting approach to the problem.

This article originally appeared on Grit Daily and is reproduced with permission.

Smart home devices are used to monitor or control the environment in our homes. These marvels of technology make life easier by handling changes in temperature, lighting, entertainment systems, and other appliances. But while they’re the height of convenience, we can’t ignore the security nightmare being created by their use.

So how smart is it to connect all the appliances, even alarm and security systems, to the internet? We do not have standardized security measures for the devices that are making their way into our homes, but with the convenience they offer, many times that outweighs the application of common sense. With every additional smart device in a home’s network, the system becomes more complex and more at risk. 

The smart home device market has grown immensely, and there are 258 million smart households worldwide. However, 40.8% of these households have at least one smart device vulnerable to cyber attacks. In an increasingly online world, where our homes are the center of our work and private lives, data privacy and security are crucial.

What are smart devices, and when did they come into our lives

We can trace smart devices back to the early 1900s. With the evolution of technology, the definition of what makes a smart device has changed. You could even argue that the very first vacuum cleaner in 1905 was a smart device for its time.

The first device that fits today’s understanding of smart home technology was the Echo IV in 1966. This machine took up enough space to fill an entire room, but it performed most of the features that smart devices today are capable of. Echo IV could control the air conditioning, TV, and keep track of things for you.

Of course, today, we can fit an Echo IV in the palm of our hands, with wireless internet, BlueTooth, cameras, and processors that have 25,000 times the clock speed of that home automation pioneer. Switching on your TV is expected; today, we talk to speakers that do your online shopping, schedule your tasks, and even help conserve resources like electricity and water. 

Where is the security risk?

When looking at convenience and accessibility, smart homes seem to be the obvious answer. You can control your home’s appliances, your locks and alarms, lighting, and heating, all from a single tablet or smartphone. These technologies have proven that they are helpful, and we know that they have become increasingly affordable.

The risk comes in when we realize that our cybersecurity measures have not improved at the same pace. Smart home security systems often have cameras connected to the internet, installed to keep your homes safe but are vulnerable to hackers. The same smart security system can be manipulated by a third party to breach your privacy. 

For example, the use of smart locks on external doors raises many questions. A skilled hacker can easily breach them, and a brilliant one can hide their nefarious activities. And while the common counter-argument is that crooks can pick locks and doors can be broken open anyway, both activities leave physical evidence; something insurance companies typically require before they will payout on a claim. However, that’s changing.

Some insurance companies are offering discounts for consumers with smart security systems. Smart sensors, locks, and thermostats can lower your premiums if your home insurance provider has decided to embrace home automation systems. While there are definitive pros to installing these devices, other than the financial incentive – such as faster fire detection and guest access when you’re unavailable to let people in – you can’t ignore the security issues. The insurance industry has not standardized or decided on its approach, so it’s essential to research this aspect carefully.

Voice assistants by Amazon, Google, Microsoft, and Apple are also risks for our data privacy. They accidentally activate several times a day and record audio (even if you are not directly speaking to the device). The shocker here is that most of the audio that the voice assistant records is stored on company databases. Human workers review these recordings in the process of improving the device.

While the companies make assurances that the recordings are not stored in correlation with the user and that all the voice data is kept confidential, it is disturbing to come to terms with the idea that people listen to what we say to our devices. This is a hole in the privacy of our homes, and it is something to be wary of. 

All the instructions you give your voice assistant, like home address, financial details, and information that may have been accidentally recorded, are stored with the device manufacturer. With the merging of workplace and residence during the pandemic, a significant amount of potentially confidential data is at risk because of these smart devices. Thankfully, there are a few settings that you can change to delete your recordings or opt-out of having a human review your recordings. 

How do we keep our systems secure?

With the overwhelming information indicating that our convenience comes at the cost of our privacy, the next question is how to protect our data. Data privacy and security need to be prioritized as we further delve into the digital space, with information being collected and analyzed from every part of our lives. 

Before buying any smart device, read reviews that focus on the product’s security and what data is recorded and stored. Independent reviews of the product will help understand what the risks are. A few general searches for “smart home security” and “smart device security teardown” will deliver articles that help understand the risks of owning a smart device. 

While in-depth vulnerability services like IoT Inspector and others exist, they focus on organizations at present, so they’re expensive for the average home-owner, but they are also worth considering if the cost is a small percentage of the potential loss. Employing a white hat hacking company is also an option for complex smart home setups. 

If you intend on adding smart devices to your home network, it is vital to use strong passwords and have different passwords for each device. A password manager like Dashlane can come in handy by generating and saving the passwords. This is one step towards securing private information. Another layer of security would be to separate the smart device network from your regular usage network. These steps are a few of the ways that you may take charge of your smart device security. 

Smart homes become more commonplace with time; this is not something that will change. What we do have the power to change is our smart device security. Hopefully, we can move towards a future where convenience and privacy do not come at the cost of the other.

Big data breaches aren’t going away any time soon and the recent revelation that Russia’s criminal underworld is in possession of account data for 272.3 million people is a testament to that.

Initially announced by Reuters at the start of May but constantly referred to by other media outlets ever since, the news that millions of Mail.ru, Yahoo, Google and Microsoft users have had their data stolen is yet another black eye for the online industry.

The data breach was first discovered by Hold Security experts who noted a forum post by a Russian who claimed to have access to 1.17 billion stolen records. After securing some of the hacker’s files, Holden Security found that the number of compromised accounts might not be as high as 1.17 billion, but it’s certainly an extremely large number.

Major Attacks Impact Small Businesses

While the companies in question have been working to patch up their leaks ever since, the knock-on effect of this latest security breach is currently trickling down through the online world. Big data, in fact data of any kind, is a precious commodity for all organisations, so to fail to protect it is now seen as the death knell for any business.

Although small businesses may not be as big of a target for serious hackers in the same way that Google et al are, they can still be in danger. In fact, as recently as February 2016, reports suggested that small businesses are now under attack more than ever.

According to Toni Allen of the British Standards Institute, 2015 saw a shift in the online landscape with more small businesses becoming a target for hackers. In line with this assertion, a recent Government Security Breaches Survey confirmed that 74% of small organisations reported security breaches in 2015.

This shift in dynamics is hardly surprising given the amount of valuable data small companies are now storing but, in some cases, failing to secure properly. However, as security providers like Incapsula have pointed out, provisions such as web application firewalls (WAF) are getting cheaper.

Web Security is Now Smarter, Cheaper and More Cost Effective

As security technology starts to move away from hardware and towards cloud-based solutions, the cost of protecting a website is decreasing. However, many small businesses are still failing to recognise this shift in dynamics and, as a result, are leaving themselves exposed to attack.

Not only that, they are risking financial ruin, as PricewaterhouseCoopers has estimated that the average cost of a security breach for a small business is between £65,000 (€84,159) and £115,000 (€149,700).

Fortunately, a modern web application firewall (WAF) not only provides multiple layers of protection – including signature recognition, identifying and analysing potential threats, monitoring IP addresses and blocking malicious users – they are also flexible. By offering a cloud-based solution, security providers can now tailor packages to each specific business.

This flexibility, combined with the removal of hardware set-up costs and more efficient data protection, has made website security much more affordable for small businesses. Yet, as the latest figures shows, many companies are still failing to secure their data. From the largest companies in the world to the smallest start-ups, everyone now handles big data and it’s this commodity that criminals want.

Yes, it’s fair to say we live in a golden age of technology, but we also live in an age where security is a major issue. Fortunately, security costs are coming down thanks to web-based solutions, but this only matters if small businesses are savvy enough to use the services at their disposal.

Like this article? Subscribe to our weekly newsletter to never miss out!

Follow @DataconomyMedia

Machine-learning is all the rage in fraud detection, with industry analysts, academics, businesses and technology media examining the advantages of algorithms and big data in the fight against e-commerce fraud. Especially for fraud analysts working in companies with small budgets , machine-learning tools are seen as a cost-effective way to tighten fraud controls while maintaining fast decision times, as Forrester noted in its 2015 cross-channel fraud report. There’s no question that machine-learning tools can be an effective component of fraud reduction program, but relying on them to save staffing costs may not be cost-effective in the long run.

That’s because while machine learning is an invaluable tool in the fight against fraud, it relies on human input and insight to create a comprehensive solution that yields the best results.

Overreliance on automated screening leads to more false declines

Algorithms are useful for identifying potential fraud quickly, but due to variability in consumer behavior – such as making online purchases while traveling abroad — some transactions will be falsely flagged for decline. The costs associated with false declines are too high to ignore. US merchants lose much more money on false declines than on confirmed fraud — $118 billion in false declines, compared to $9 billion in actual fraud, according to MasterCard and Javelin research.

What hasn’t been quantified is the cost of the customer relationships ended by false declines. MasterCard and Javelin found that 32% of customers who received a false transaction decline never shopped with that merchant again. Considering the cost of lost future purchases, as well as the higher relative cost of attracting new customers compared to retaining existing ones, this likely has a considerable impact on merchants.

The solution that protects merchants from fraud and lost business is to combine machine-learning algorithms with data collected by human analysts. Writing about machine-learning and card fraud for The Conversation, Penn State associate professor Jungwoo Ryoo noted that “people can still play a role – either when validating a fraud or following up with a rejected transaction.” This human intervention can reduce the number of falsely declined transactions in the short term, and when the analysts add those transaction outcomes into their data sets, it makes the automated tools smarter.

What machines need to learn varies by segment and merchant

The most effective algorithms will take into account the particular fraud patterns found within the merchant’s segments and geographic markets, as well as the changes that occur in those spaces. For example, the PYMNTS Global Fraud Attack Index found that in 2013, the digital goods segment faced high rates of suspected botnet fraud, while friendly fraud was a problem in the luxury goods segment.

More specifically, different merchants within the same segment may be subject to different mixes of fraud attempts or specific fraud patterns that algorithms must learn to detect. Experienced analysts who’ve worked extensively within a particular segment or who have long-term relationships with specific clients will have the detailed information needed to augment and improve algorithmic fraud screening at the segment and client level.
Besides historical knowledge, human analysts are the best protection against new types of fraud attempts that may launch on a small scale before ramping up to a larger and more damaging attack. These “observers on the battlefield” can raise the alert and ensure that the new data becomes part of the algorithm’s database.

What machines can’t do – yet

Algorithms are one of the technological tools that make modern e-commerce possible and relatively safe, but they can’t stand alone as a defense against fraud perpetrated by determined criminals. The advantages that human analysts bring to the process for the foreseeable future include creative problem-solving, deep knowledge of client and segment fraud landscapes, the ability to communicate directly with customers involved in flagged transactions, and the experience and intuition to pick out new fraud patterns as they develop. As long as humans are the ones perpetrating fraud against e-commerce merchants, it will ultimately be up to humans – and their smart technology – to thwart them.

Like this article? Subscribe to our weekly newsletter to never miss out!

Follow @DataconomyMedia

More than 30 firms including Intel, BT and Vodafone recently announced they would band together to create an industry body to vet internet connected devices for security flaws. You would be forgiven for missing this news, on paper it’s not terribly exciting. However, it has important implications for the Internet of Things (IoT) and will impact consumers and businesses.

The IoT is still in its infancy. It is missing the killer device that will spur widespread adoption and kick it into the consumer mainstream. While we wait for ‘the iPhone of smart devices’, there is a great opportunity to standardise how the IoT works.

Standardisation is crucial because of just how many devices the IoT could be made up of. With the potential for any object to be made ‘smart’ there could be an unprecedented number of collectors and transmitters of personal data. The fact that these devices need to talk to each other also means that data could be shared and used by a huge number of different companies.

Thankfully, some of the companies that are set to play a major role in the IoT have recognised this opportunity and decided to act. By seeking to create a minimum standard for security on IoT devices, this industry body will help to safeguard people’s data and create a level playing field for technology companies.

However, seeking to identify and weed out devices with inferior safety provisions is only one piece of the puzzle. Although it should help to defend against hackers, it won’t address the looming problem of how companies will collect, use and inform consumers about their personal data. For the IoT to gain widespread appeal and have longevity, users need to be able to trust smart devices and the companies that make them. Without minimum ethical standards or codes of conduct to govern the IoT there is a real risk that personal data will be misused. If this happens it will cause a consumer backlash that will threaten the whole industry, or provoke government regulation that could hamper innovation.

A minimum ethical standard for the use of data should not be a difficult document to create. Many of the companies involved in the industry body will already have their own standards in relation to how they use data on other devices. Harmonising these rules should be a no-brainer.

Consumers need to know what data is being collected on them and how it is used. Therefore, alongside security, transparency needs to be the foundation of the IoT. After all, it is everyone’s interest that the companies involved in the IoT act responsibly with personal data.

Standardisation can also extend beyond security provisions. The format and network these devices use should also be homogenised where possible. Consider the recent history of new technological devices. There have been reoccurring format wars, such as Betamax and VHS, Minidisk and MP3, and in the past few years, HD DVD and Blu-ray. As with most wars there were losers, casualties and a lot of money wasted. On one hand, there were the manufacturers and suppliers that threw their lot in on the wrong side. For some that was the end of the road, for others it precipitated a painful pivot.

Those who won had to incur plenty of needless costs in marketing and lobbying distributors. On the other hand, there was the annoyed consumer who forked out a lot of cash on devices and their favourite songs or movies in the right format only to find out they had to spend it all over again.

Cooperation between the businesses that operate in the IoT will help the sector develop faster, save money, support innovation and protect consumers. The formation of a group to address security is a welcome first step. However, we need to realise the ‘Internet of Things’ is really the ‘Internet of People’ and respecting the privacy of individuals is essential.

(image credit: Ervins Strauhmanis, CC2.0)

What is your mission statement?

Our mission is to create a world where consumers are part of the security solution, rather than the problem. Security should just work, without disrupting the user journey. Our behavioural biometric solution is a form of intelligent security – a multi-layered, pragmatic approach to user authentication and verification that means no user is forced to break into Fort Knox where there should just be a bicycle lock. It works on the premise that authentication should be continuous, based on identifying anomalies against learned user behaviour, rather than a one-off exercise. Our vision for the future is that our technology will be inside every device, protecting every user against fraud.

Where are you headquartered?

We are headquartered in Lulea in Sweden. Although the FinTech environment is much less developed than in London, this location has provided us with an internationally focused talent pool, and access to a collection of banks that are renowned for their early adoption of new technologies – BehavioSec has completely transformed the uptake of mobile payments in Scandinavia.

Who do you think will be the most influential figures (or companies) in FinTech, in 2015?

Incidents such as the Snowdon revelations and the high profile celebrity photo leak from iCloud have put security – and the issue of online identification – firmly under the national spotlight. For this reason, I expect that companies (such as BehavioSec) addressing evolving security and data privacy and protection concerns will become increasingly influential.

What kind of year do you foresee for your company, and the industry as a whole?

We are seeing a massive shift in the perception of our technology. Behavioural biometrics is no longer an intriguing ‘fringe’ technology. It has been successfully applied and proved at scale – we are proud to say that, following extensive trials with Nordic banks, our solution has now been deployed across the region for mobile and internet banking, and is now turning heads at other financial institutions globally.

What are your key targets for 2015?

Our aim is to continue to lead disruption to the authentication and verification industry. We are already in an advanced stage proof of concept trial with a major UK high street bank, and look forward to continuing to take the success we have seen in the Nordics to a wider international audience. This growth will be fuelled by the €5 million investment we received in December from NorthZone and Octopus. To support this expansion, we will continue to consolidate our presence in the UK and US, as well as further investing in our products.

What will be the most important opportunities for FinTech in 2015?

As the FinTech industry and companies within it mature and evolve, we anticipate that in many cases it won’t be a straightforward “new vs old” story, but a conversation about collaboration. How can banks harness the technology that smaller players are developing to support their quest for improved user experience? With an ever expanding array of consumer touch points – whose sky-high expectations will not compromise speed, security, or convenience – the appetite is there to challenge the existing processes and stand out from the crowd. Behavioural biometrics is a lightweight, frictionless layer of security that allows banks to stay ahead of the curve with regard to fraud, without introducing cumbersome processes that require end user education and support.

What are the key hurdles for growing your business this year?

There has been a great deal of hype around fingerprint and facial recognition, with several mobile devices now including these features as part of their user authentication process. Although this has doubtless been helpful in bringing an awareness of biometrics to a mass consumer audience, there is still a certain degree of confusion and intrigue around behavioural biometrics, an ‘invisible security’ concept that doesn’t hit the headlines so regularly. In terms of communicating to banks, we need to continue to articulate how behavioural biometrics can fit with and complement their existing authentication solutions, as well – of course – how this data is stored and protected.

What are your thoughts on the current state of FinTech?

It’s an enormously exciting time for the sector, with the current regulatory environment, investor appetite and start-up support environment all coming together to fuel a tidal wave of innovation. As the interest in challenger players increases, we are seeing increased specialisation within the FinTech sector – for example, it was announced recently that Europe’s first cyber security accelerator will launch in London.

(image credit: Wired / Nick Wilson)

A UK independent authority set up to uphold information rights in the public interest- ICO has brought forth the risk of using weak passwords yet again. A new Russian website has launched that allows people to watch live footage from some of the insecure cameras across the world. The website, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras.

“This site has been designed in order to show the importance of the security settings,” a notice said on the site, which was down at times Friday morning. The notice also proclaimed that the site was “fully legal.” The website said it had 4,591 video feeds from the United States and thousands of others from across the globe.

The website is reportedly collecting footage from several thousand Security cameras, both business and public, ranging from CCTV networks to cameras on baby monitors.

Simon Rice, Group manager for Technology at ICO stated –“We all need to be aware of the threats that exist to our personal information. If you don’t take basic steps (for securing our devices) as a matter of routine, then you’re leaving your information vulnerable and no one likes being watched by a stranger.”

ICO recommends making passwords more secure by using a mixture of upper and lowercase characters and numbers and disabling remote viewing settings or covering the lens as a last resort.

They suggest that one must secure all other devices as they may be prone to remote access as well. The plethora of information we now store on cloud is also potentially at risk. Using two- step authentication offers an additional layer of security for cloud services.

“The ICO is working with other global data protection and privacy authorities on collaborative action connected to the website showing unsecure webcam images, while advising people on the steps they can take to protect their information.”, said Simon.

Read more here.

Follow @DataconomyMedia

(Image credit: Hannaford)

Texas-based tech startup Vysk Communications has developed an “Everyday Privacy Case” (EP1), which uses a combination of hardware and software to provide next-generation privacy and security against camera and photo hacking.

“The more we rely on our smartphones—keeping photos, videos, text messages and sensitive
information stored on devices—the more cyber criminals want access to them,” says Victor Cocchia, an Army veteran, now co-founder and CEO of Vysk Communications. “That’s why you need hardware and software solutions to combat these attacks, which happen on a daily basis without your knowledge. Our goal is for everyday consumers to experience privacy wherever they go.”

The EP1’s innovative patent-pending camera shutters locks down your iPhone’s front and rear cameras preventing unauthorized remote capturing of photos or videos. Apart from the privacy features, it also charges the phone, providing an additional 120 percent battery power, and serves as a protective case for the iPhone® 5/5s, reports Vysk in a press release.

Due for release later this month, the software component includes the Vysk Private Gallery app, as well as the Vysk Private Text app. The Vysk Private Gallery app allows for image and video from current photo gallery and taking photos using the built-in camera interface and store them inside the encrypted, password-protected application with the option to organize photos into two separate galleries, each with its own unique access PIN.

In case of a security threat, users can erase the entire contents of the galleries instantly and permanently. Other features allow sharing of photos via social media channels, email, AirDrop and text message, through the app. The data backed up to iCloud is transferred as encrypted information, rather than a picture from your standard photo gallery.

In the wake of the recent iCloud hack, leading to compromised data of individuals and the disconcerting news of growth in hacking activities, Vysk’s EP1 provides a much wanted layer of security for individual privacy. Co-founded by Dr. Michael Fiske, one of the world’s foremost cryptographic experts, Vysk started in San Antonio, in 2012. The EP1 is now available for sale and shipment.

Source: Fast Company

Follow @DataconomyMedia

(Image credit: Vysk)

Researchers at Dartmouth College have been working on a solution to work around the shortcomings of inactivity timeouts and other security risks that arise when a user does not log out.

Conventional authentication methods based on passwords, tokens or fingerprints perform one-time authentication and rely on users logging out once they are done. However risks arise when the user fails to log out, and inactivity timeouts prove ineffective if the timeout is too long or too short.

That’s where ZEBRA – or Zero-Effort Bilateral Recurring Authentication- comes in. The user wears the ZEBRA bracelet, loaded with a built-in accelerometer, gyroscope, and radio on his/her dominant wrist. The bracelet records the wrist movement, processes it, and sends it to the terminal which then compares the wrist movement with the inputs it receives from the user (via keyboard and mouse), and confirms the proximity of the user only if they correlate, enunciates a paper explaining the research.

In an email to Motherboard, Professor David Kotz explains, “ZEBRA bracelet could act as a second factor for initial authentication.” He believes that the device could be customised, in principle, to be integrated into a variety of devices.

Dartmouth PhD student Shrirang Mare added that next on the agenda is to project the authentication technique to tablets and smartphones. If the recent spate of celebrity hacking has taught us anything, it’s that current data security procedures are not robust enough. Perhaps ZEBRA could be the personal online security breakthrough we’ve been waiting for.

Source: Motherboard

(Image credits: Flickr, Shimmer)

We met with Joe Eandi, the CEO & Co-founder of Vorstack, at the Finovate conference in San Jose. Vorstack is the industry’s first solution that provides early warning of security threats by automatically sharing cyber-events and enabling real-time collaboration. Vorstack enables automated event and threat sharing between trusted security professionals across the industry to obtain validated threat intelligence and rapid resolution through collaboration.

Who are you?

My name is Joe Eandi, and I’m the CEO of Vorstack. We recently got a $5 million + round of funding from Tech Operators and some others. I was originally an attorney, and worked at one of the premium law firms in the Bay Area, Wilson Sonsini. That’s where I discovered that I really wanted to be on the other side of the fence; it took me a while but we started Vorstack a couple of years ago to be in the information security space.

What do you do in a nutshell? Where did the idea come from?

There is a massive movement going on where enterprises want to exchange information to better improve their security. The promise at the highest level of security collaboration is that I can extend my network to the networks of others; if I can get real time information from my peers, that’ll help stop attacks on me. The efforts that have been made today have been association efforts where people are still sharing informally over email, or, there are some companies coming up that are storing big data in the Cloud to do processing; there hasn’t been a focus on the last and first mile of data exchange.

By last mile, I mean the use of information you get from others but don’t know how to use it. So Vorstack has built this engine that sits inside your network to automate the determination of relevance from all the disparate data coming back and forth into your network. We can determine what is relevant at the time we get the data, and we can set parameters so we can analyze in the future, so you don’t have an amnesia problem when you go forward as well. You can actually run queries over periods of time to avoid these problems, so now you’re processing data from the outside.

Given that the data is in all different formats, we have proprietary technology that normalizes it to a format that allows it to be queried against all the latest databases like Hadoop and Splunk, or the databases underlying Security analytics, or QRadar, and the like. That’s the automation of the inbound last mile.

For information sharing back to, or through these organizations and others, you need control over it. So we automate the outbound sharing , automating what is being shared from your network to others. This is where my lawyer background comes in: we give you strict control over what is being shared, and in what format, so that you can satisfy your policy, and regulatory people. This is very relevant for international organizations, because certain information can go on one direction more fully than in the other, so we support the concept of asymmetric trust in our platform. We are the first and last mile of threat intelligence collaborations.

How did your experience as an attorney help you to bridge the gap to entrepreneurship?

There are three ways I think it helped me. First, the network helped. If you’re representing companies that are going public and getting funding, you start to get to know the venture capitalists and successful entrepreneurs, and also become a trusted advisor for them, so they’ll return your calls down the road.

Second, if you have the right training in lawyering, you can learn strategy and game theory, and other types of applications. So when you encounter problems, you don’t have to just use your intuition, you can actually map things out from a game theory or other strategy perspective. We certainly did that in some of our decision points. Some of the decisions we failed to make were ones where we didn’t apply those formulas.

Third, if you’re going to do a start-up, and you’re not 22-years-old and can live in a shack, you want to be able to pick a business that is something that a couple of 22-year-olds can’t do. Information security is a business that you actually need a legal background, a policy background, and you need expertise to actually go to large financial institutions to talk about how you are going to secure their data.

How did you end up in security?

I dealt with security in complex matters at the last company I worked for. It was at a company called LiveOps, and it grew from $3 million in revenue to $130 million in revenue while I was there. We had to deal with a lot of regulatory issues because we handled 500,000 credit cards a week that were stored digitally, and in audio files. This is where I learnt how to deal with data. I left LiveOps and I was an entrepreneurial resident at Foundation Capital, where I was nurturing an idea with my technical co-founder, and then we decided that our idea was actually a company. We started the company based on a virtual security platform technology for which we’ve found the perfect application of the technology only last year, after hundreds of conversations with prospects.

What is your vision?

Our vision as an organization is to be significantly present in the markets we go after as a fundamental piece of how they do security. If you can extend your network beyond your four walls, and extend it out to others, you’ve just improved your network greatly. Coming from a customer of ours, if you’re effectively collaborating with your peers, and you’re using data in real time, you’ve gone from your basis of your security as being an event-based security team to an intelligence-based security team. Event is reactive, intelligence is proactive; and so, we’re a piece of that movement from event to intelligence-based security.

What are the biggest challenges for your company right now?

We need to get our product in people’s hands and hear them rate the product, to make sure we’re meeting people’s needs. There is one challenge that’s unique to collaboration, and it’s about real time collaboration where you’re passing information back and forth — you have to have people start at the same time. That itself provides challenges because in most sales processes you have a single focused customer, whereas now you have to coordinate four or five to actually turn something up at the same time.

Are you hiring at the moment?

Absolutely, engineering and sales in particular. You’ve got to build it and you’ve got to sell it.

Vorstack is the industry’s first solution that provides early warning of security threats by automatically sharing cyber-events and enabling real-time collaboration. Vorstack enables automated event and threat sharing between trusted security professionals across the industry to obtain validated threat intelligence and rapid resolution through collaboration

(Image Credit: Sascha)

IT services firm, Atos, is set to purchase its French counterpart Bull in an attempt to secure its place as the top cloud computing and cybersecurity company in Europe. The deal is believed to be worth €620 million ($845 million) and is expected to close at the end of this summer.

Atos said that the deal between the two companies would enhance its offerings in manufacturing, the public sector and healthcare , and increase its presence “mainly in France, but also in geographies such as Iberia, Poland, Africa and Brazil”.

“Bull will bring critical and complementary capabilities in big data which, combined with Atos solutions, will create a unique offering in this high-growth segment,” the company said.

According to reports, the cloud market is growing at a compound annual rate of 25 and 50 percent a year. The announcement of the deal will undoubtedly alarm other cloud service providers. Atos and Bull are currently ranked 5 and 10 respectively in Western Europe, and their partnership would place at them at the number two spot by revenue, just behind Amazon and ahead of Microsoft.

Read more here

(Image Credit: featured, fsecart. second image, here)

Dataguise, a big data security service, has announced the Big Data Protection Partner Program (BDP3).  The program’s goal is to provide users’ big data projects with a heightened level of protection to stop the most sensitive end user information from falling into the wrong hands.

A statement from co-founder and CEO of Dataguise Manmeet Singh said:  “The key challenge with Big Data today is to fully leverage all this important information while addressing compliance issues and protecting against data breaches and insider threats.  … Partnering with industry experts in the deployment and scalability of Big Data platforms places us in a unique position. Our goal is to create a best-in-class Big Data protection ecosystem and provide discovery and protection of sensitive data — no matter where it came from or currently resides.”

What others at Dataguise stress as incredibly beneficially to big data companies in terms of protecting their data, especially when they are collaborating on a project, is their ability to properly protect both structured and unstructured data.  Partner portal access with various tools, as well as joint marketing and licenses will also be features in the program.

Since Dataguise has been a player in the field since 2008, the company has become something of a staple for masking and encrypting the most important information.  Its proven track record includes working with large credit institutions, Apache Hadoop, MapR, Cloudera, and Hortonworks.

Read more here

(Image Credit:  Stockmonkeys.com)