Enterprise, Internet Security

How do companies protect against a security breach?


It is no secret that any criminal will have his eyes on the biggest piece of cake he can acquire. It is no different when it comes to cybercriminals. And for them, their favorite desserts are the big tech companies. That is why it is so important for every company to do what they can to protect against a security breach.

With huge amounts of sensitive/customer data around, exploiting just one company can give access to information worth millions of dollars!

No matter how protected business databases tend to be, hackers have very often been able to effectively slip through corporate security defense systems.

One recent example is the Petya ransomware, a cyber attack predominantly targeted at Ukraine that caused havoc all across Europe and various other parts of the world, with estimated damage of more than $300 million to businesses, most of them being government organizations.

While large tech companies invest millions of dollars in advanced defense systems, they are often defeated by stronger players in the wilds of the internet. It’s events like these that have pushed tech companies to step up their cybersecurity game like never before.

 

So, what do companies do to protect against a security breach?

 

Identity and access management (IAM) systems

Traditionally, identity management has been broadly defined as the set of policies, processes, and technologies used for managing access to information systems so that it goes only to the right individuals. It is the core network responsible for safeguarding digital data while effectively tracking system activities.

Even though the system itself is quite complex, the concept is simple – enhancing the privacy of data by limiting the various associated attributes to certain interactions.

 

Restricting use of unnecessary hardware and software

The more software and hardware connected to the network, the higher the number of possible exploits. Even though software companies that sell their products to various IT firms make sure they are immune to cyber attacks, using a redundant program just isn’t worth the risk.

More often than not, giant tech firms make sure that different departments of their organization have devices connected to different servers, so that, even if one gets breached, the rest stay secured.

 

Background checks and constant monitoring

While IT firms carefully monitor for possible malware trying to attack their systems, there have been a good number of instances of intrusion from inside the network. No matter how high-caliber a company’s cybersecurity is, nothing can stop sensitive data from being stolen if it is handled by someone with a different purpose.

Lately, tech firms have started resorting to serious background checks and screenings before giving their employees access to important information.

 

IT training

Tech firms and hackers are both well aware of each other’s goals! What that means is hackers know that their potential targets have taken the mandatory measures to keep them from attacking their servers. Cyber culprits, however, have more than a dozen ways of sneaking into systems, which they successfully achieve by capitalizing on human error.

Tech firms have paid significant attention to developing a corporate culture focusing on security training programs aimed at teaching their employees the risks of negligent use of networks, phishing content, careless password management and improper disposal of information.

 

Encrypting Data

While having sensitive data stolen is a nightmare itself, things get a lot worse when this stolen data can be used for the wrong purposes. One way to keep data safer is by converting it into a code which can be decoded only by the entity with the decryption key. This doesn’t mean hackers might not have a way of converting encoded information into a readable form. However, it certainly makes things harder for someone trying to obtain unauthorized access.

 

Strong Passwords and Password Managers

Using strong usernames and passwords should be a no-brainer. However, what is more important is properly storing them, and that is where a password manager comes into play.

Password managers are software that saves usernames/passwords and keeps them encrypted. However, the risk here is the software itself as it is the master program containing all the passkeys. A security issue with it is enough to create a potential security risk.

 

Having information stolen is the last thing any organization would want to happen, especially if it is that of their clients. Not only is it a matter of reputation; a company might also face serious legal issues for not being able to protect their customers’ information.


Internet Security

Can predictive analytics be made safe for humans?



Massive-scale predictive analytics is a relatively new phenomenon, one that challenges both decades of law as well as consumer thinking about privacy.

As a technology, it may well save thousands of lives in applications like predictive medicine, but if it isn’t used carefully, it may prevent thousands from getting loans, for instance, if an underwriting algorithm is biased against certain users.

I chatted with Dennis Hirsch a few weeks ago about the challenges posed by this new data economy. Hirsch is a professor of law at Ohio State and head of its Program on Data and Governance. He’s also affiliated with the university’s Risk Institute.

“Data ethics is the new form of risk mitigation for the algorithmic economy,” he said. In a post-Cambridge Analytica world, every company has to assess what data it has on its customers and mitigate the risk of harm. How to do that, though, is at the cutting edge of the new field of data governance, which investigates the processes and policies through which organizations manage their data.


“Traditional privacy regulation asks whether you gave someone notice and gave them a choice,” he explains. That principle is the bedrock for Europe’s GDPR law, and for the patchwork of laws in the U.S. that protect privacy. It’s based around the simplistic idea that a datum — such as a customer’s address — shouldn’t be shared with, say, a marketer without that user’s knowledge. Privacy is about protecting the address book, so to speak.

The rise of “predictive analytics,” though, has completely demolished such privacy legislation. Predictive analytics is a fuzzy term, but essentially means interpreting raw data and drawing new conclusions through inference. This is the story of the famous Target data crisis, where the retailer recommended pregnancy-related goods to women who had certain patterns of purchases. As Charles Duhigg explained at the time:

Many shoppers purchase soap and cotton balls, but when someone suddenly starts buying lots of scent-free soap and extra-big bags of cotton balls, in addition to hand sanitizers and washcloths, it signals they could be getting close to

Internet Security

Atrium, Justin Kan’s legal tech startup, launches a fintech and blockchain division



Atrium, the legal startup co-founded by Justin Kan of Twitch fame, is jumping into the blockchain space today.

The company has raised plenty of money — including $65 million from a16z last September — so rather than an ICO or token sale, this is a consultancy business. Atrium uses machine learning to digitize legal documents and develop applications for client use, and now it is officially applying that to fintech and blockchain businesses.

The division has been operating quietly for months and the scope of work that it covers includes the legality and regulatory concerns around tokens, but also business-focused areas including token utility, tokenomics and general blockchain tech.

“We have a bunch of clients wanting to do token offerings and looking into the legality,” Kan told TechCrunch in an interview. “A lot of our advisory work is around the token offering and how it operates.”

The commitment is such that the company is even accepting Bitcoin and Bitcoin Cash for payments through crypto processing service BitPay.

While the ICO market has quietened over the past year following huge valuation losses market-wide, up to 90 percent in some cases with many ICO tokens now effectively worthless, there’s a new antic

Internet Security

OpenAI built a text generator so good, it’s considered too dangerous to release



A storm is brewing over a new language model, built by non-profit artificial intelligence research company OpenAI, which it says is so good at generating convincing, well-written text that it’s worried about potential abuse.

That’s angered some in the community, who have accused the company of reneging on a promise not to close off its research.

OpenAI said its new natural language model, GPT-2, was trained to predict the next word in a sample of 40 gigabytes of internet text. The end result was the system generating text that “adapts to the style and content of the conditioning text,” allowing the user to “generate realistic and coherent continuations about a topic of their choosing.” The model is a vast improvement on the first version by producing longer text with greater coherence.

But with every good application of the system, such as bots capable of better dialog and better speech recognition, the non-profit found several more, like generating fake news, impersonating people, or automating abusive or spam comments on social media.

To wit: when GPT-2 was tasked with writing a response to the prompt, “Recycling is good for the world, no, you could no

Enterprise

Bots try to break the internet, and other trends for 2019



From the largest DDoS attacks ever seen and record-breaking numbers of data breaches, to the implementation of the General Data Protection Regulation (GDPR) in May, 2018 will be remembered as an extraordinary year for the cybersecurity industry. 

With hackers developing increasingly sophisticated ways to attack enterprises every day, one of the most important lessons from this year is how crucial it is to stay one step ahead of cybercriminals at all times. In order to continuously protect company and customer data, businesses need to have an understanding of not only cybersecurity threats now, but also in the far future.  

Although no one can say for certain what 2019 will bring, we can look to the past to understand the trends of tomorrow. As technology has evolved, it’s been accompanied by smarter, more malicious and much harder to detect threats. With the ever-increasing intelligence of bots, the increasing complexity of clouds and rising IoT risks, as well as the impact of data regulations, cybersecurity will dominate boardroom conversations. 


With this in mind, here are eight trends that will make the year ahead as turbulent as the one just passed:

Cyber-attacks will grow – and go slow 

Organisations will see an increase in cyberattacks but these will be “low and slow”, rather than “noisy” incidents such as DDoS attacks. Launched by botnets, “low and slow” attacks aim to remain under the radar for as long as possible, to steal as much data as they can. 

Often these take the form of credential stuffing attacks, where stolen credentials are used to access associated accounts and steal further personal data such as addresses and payment details. 

To protect themselves, businesses will need to adopt bot management solutions, which identify, categorise and respond to different bot types. The technology uses behaviour-based bot detection and continuous threat analysis to distinguish people from bots. 
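To see why a “low and slow” credential stuffing run stays under the radar of a simple rate limit, the following added example (not from the original article, and not how any particular bot management product works) compares a per-minute failure threshold with a whole-window behaviour check. The log format, addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_log():
    """Constructed sample auth log (documentation IP ranges, made-up users)."""
    t0 = datetime(2019, 1, 7, 9, 0, 0)
    rows = []
    # Low-and-slow source: one attempt every 10 minutes, a new username each time.
    for i in range(12):
        rows.append((t0 + timedelta(minutes=10 * i), f"user{i:02d}", "203.0.113.7",
                     "ok" if i == 7 else "fail"))
    # Ordinary user who mistypes a password twice, then gets in.
    for i, result in enumerate(["fail", "fail", "ok"]):
        rows.append((t0 + timedelta(seconds=20 * i), "alice", "198.51.100.20", result))
    # Noisy source: 30 failures on one account inside a single minute.
    for i in range(30):
        rows.append((t0 + timedelta(minutes=30, seconds=i), "bob", "198.51.100.99", "fail"))
    return [f"{ts.isoformat()}Z user={u} src={s} result={r}" for ts, u, s, r in sorted(rows)]

def parse(line):
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts.rstrip("Z")), kv["user"], kv["src"], kv["result"]

def rate_based(events, per_minute=10):
    """Classic threshold: a source with >= per_minute failures in any one minute."""
    buckets = defaultdict(int)
    for ts, _user, src, result in events:
        if result == "fail":
            buckets[(src, ts.replace(second=0, microsecond=0))] += 1
    return {src for (src, _minute), n in buckets.items() if n >= per_minute}

def behaviour_based(events, min_users=8, min_fail_ratio=0.8):
    """Whole-window view: many distinct usernames from one source, mostly failing."""
    users, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _ts, user, src, result in events:
        users[src].add(user)
        total[src] += 1
        fails[src] += result == "fail"
    return {s for s in total
            if len(users[s]) >= min_users and fails[s] / total[s] >= min_fail_ratio}

def accounts_to_reset(events, flagged):
    """Logins that succeeded from a flagged source: the stolen credentials that worked."""
    return {user for _ts, user, src, result in events if src in flagged and result == "ok"}

EVENTS = [parse(line) for line in make_log()]
if __name__ == "__main__":
    flagged = behaviour_based(EVENTS)
    print(rate_based(EVENTS), flagged, accounts_to_reset(EVENTS, flagged))
```

The rate threshold catches only the noisy source, while the slow source is caught by the number of distinct usernames it tries; a botnet that spreads attempts over many addresses would need the same check grouped by something other than source address.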


Bots will overtake human web traffic 

As bots become more sophisticated, they will be responsible for more than 50% of web traffic. Already, Akamai has found that 43% of all login attempts come from malicious botnets – and this is set to increase as credential stuffing and “low and slow” attacks grow in popularity.

More sophi
