Tech News

Connected and Vulnerable: Deloitte Shares Top Five Tips for IoT Device Security

With the number of connected Internet of Things (IoT) devices anticipated to swell beyond 41 billion by 2025, according to an IDC forecast, and the number of cyber attacks on such devices growing exponentially by the day, organizations should put security at the forefront of their priorities around IoT solutions. In an effort to help organizations shore up their security postures, Deloitte offers five tips to address IoT security in the products that organizations deploy in their environments and encourages manufacturers that make connected products to take a secure-by-design approach.

From cameras to toothbrushes, thermostats to hospital infusion pumps, connected devices are actively being targeted by cyber adversaries determined to compromise corporate and individual privacy, construct botnets, place malicious software and steal intellectual property.

The risk of compromise to a connected device is too great to ignore and often too late to reactively respond to. Organizations should adopt a proactive, secure-by-design approach while strategically and intentionally working to monitor and patch outdated legacy equipment, software and infrastructure.—Sean Peasley, partner, Deloitte & Touche LLP, and IoT security leader for Deloitte cyber risk services.

California is leading the charge with a new Internet of Things Security Law taking effect on Jan. 1, 2020, requiring all IoT devices sold to be equipped with reasonable security measures. Consequently, organizations should prepare and protect their companies, customers and communities. The benefits of IoT connectivity far outweigh the investment in cyber measures to ensure the integrity of the devices, networks and programs.

IoT device security best practices

Take note of every endpoint added: The expanse of IoT increases with every endpoint added into a network. Each addition introduces more vulnerabilities, and attacks on endpoints have become more popular and destructive. While the adversarial landscape is always changing, Deloitte advises organizations to bring as much of their endpoint footprint as possible under their security management in order to better secure the attack surface. Industry analysts predict that spending on IoT endpoint security solutions will be more than $630 million in 2021. Once these devices are managed, integration of security tools can be a more effective security focus for the organization. As with most domains within cybersecurity, security professionals realize that in order to meet the complex security challenges of their organizations, they should formulate a sound security strategy and constantly evolve by making continuous improvements to best mitigate their risks.

Align operational technology, IT and security: In addition to IoT, enterprises are managing multiple digital transformation initiatives simultaneously. Yet, according to the “Deloitte Future of Cyber” study, less than 10% of cyber budgets are allocated to these efforts. For companies to be successful with IoT initiatives, they need a new approach. One that helps them understand enterprise and cyber risks; develop a plan to prioritize and mitigate those risks; and then operationalize these efforts by obtaining alignment across key stakeholders: operational technology, IT and cybersecurity. Peasley adds, “IoT spans operational environments as much as it includes wearables, connected cars and products. Organizations should proactively plan for how to identify, track, patch and remediate around how it all could impact their organizations and ecosystems.”

Know the players in your ecosystem: Since the interconnectivity of third-party hardware, software or services may be the source of a security breach, it’s imperative to consider how a covered device interacts with such third parties. Ideally, contracts with third, fourth, and fifth parties should address security updates and concerns. Organizations should establish a third-party risk management program to evaluate the cyber risks of their third parties and supply chain partners.

Employ AI and ML to detect anomalies that humans can’t: You can’t prevent what you don’t know about. Artificial intelligence for IT operations (AIOps) has grown from an emerging category to an IT necessity. AIOps platforms are uniquely suited to establishing a baseline for normal behavior and detecting subtle deviations, anomalies and trends. This is significant as IoT turns much of the physical world into robots powered by AI. Organizations should take a secure-by-design (DevSecOps) approach in tandem with an AIOps approach to both prevent and identify cyber attacks.

Conduct vulnerability assessments on devices: As cyberattacks continue to grow, organizations should have confirmation that their connected devices — and the environment in which they’re deployed — have been designed, built and implemented with security in mind. Whether through basic testing or a bug bounty program, testing can provide assurance around the security posture of an organization’s devices.

Deloitte’s Cybersphere is a state-of-the-art destination to help organizations explore their most pressing cyber challenges. The Cybersphere features a 24/7 threat monitoring and reconnaissance “Watch Floor,” and labs designed for cyber teams to increase capabilities and confidence as they face ever-evolving cyber threats. It also features a Cyber IoT Studio where organizations can test the security of their connected devices on their networks to help identify whether their most critical assets are secure.

Deloitte’s Cyber IoT Studio provides:

Technical testing services for IoT devices — from autonomous cars and connected medical devices, to industrial control systems, building automation and smart cities.

A center of excellence that provides leading practices for device security testing and certification readiness methods.

An environment and secure location in which to test, analyze and pilot proprietary technology.

Diverse IoT ecosystems to architect and test heterogeneous technologies for a multitude of industry-specific use cases with the latest security and control solutions for on-premise and cloud integrations.

Antivirus and Firewall “Security” Measures are OBSOLETE in 2021 – and it’s getting worse

“Just Because You’re Paranoid Doesn’t Mean Someone Isn’t Trying to Hack You.”

Last year was “perhaps the most active year in memory” with regard to cyberattacks, according to Sunnyvale, California-based cybersecurity technology company CrowdStrike, a respected firm providing cyberattack response services, threat intelligence, and an annual Global Threat Report (paywall) on the state of web security. The world went through hell with Covid in 2020, but for web miscreants, the year was awesome as they preyed on our misery, pretending to offer information, and impersonating important global pandemic responders such as the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). Malicious actors had a phishing field day in 2020 – which, naturally, works best when there is an emotional connection. How many times have we heard of someone losing money to fraud after getting an email from a “friend in distress”?

Of course, it’s a good bet that CrowdStrike’s 2022 report will list ’21 as the “most active year” since…well, the year before. Moore’s Law and all the fun math of exponentiality don’t only apply to things we enjoy such as Apple’s M1 processor, but also to the malware, cyberattacks, and security breaches that come with technological advances. Nearly every, if not every, electronic device that has an internet connection can be hacked; and can often be hacked when it’s either on or offline.

Many are switching to safe browsers such as Firefox Focus or Qustodio Free. Experts, however, are recommending adding even more layers of protection to your digital life by installing a safe browsing app that works with all the big browsers. Safe browsing apps – many of which are free to download – double-check that the site you’re visiting is legit, vet and scan apps and files in real-time, protect your Wi-Fi network, offer anti-phishing protection, and allow you to build a “blacklist” of sites you want blocked – keeping your kids safe from “adult content.” Using a safe browser app is proactive – stopping things before they happen, not catching them after the fact.

So-called “malicious actors” (simply put: bad guys) have been stepping up their game. CrowdStrike’s report noted that in 2020, there was a significant increase in extortion and blackmail techniques all nicely bundled into ransomware operations. The security firm warns that 2021 will likely see more of what it terms “big game hunting” – e-criminals going after larger firms as the potential return is larger. Also of interest was a note on malicious actors forming alliances, working in tandem to level up and coordinate their attacks.

However, even if you don’t happen to be the CEO of a large corporation with data that would be worth ransoming, cybersecurity gurus are warning anyone with a computer to start realizing that “the good old days” of flying under the radar with half-baked security measures are gone for good – you might not even be the target but could end up being used by identity thieves to cause serious harm to a friend or acquaintance. You don’t need to be “someone” or even have valuable data to be targeted, and to think otherwise is to fundamentally misunderstand how wild the web of the 2020s has become. Think back to the last time a friend of yours told a tale of their account being hacked. Weren’t you somewhat surprised as they aren’t famous or rich? – When was the last time you gave serious thought to the safety of your personal data? If your company hired a “white hat” to stress test your firm’s web security, how well do you think it would hold up? The question ‘Is this website safe?’ is getting harder to answer.

Too many downplay the risks of a data breach. “Why would anyone want my ‘boring’ info?” people ask. Well, there are serious reasons such as identity theft, fraud, or phishing attempts, but there’s also a lot of money to be made in collecting information. Harvesting data is big business. They’ll take info on everything from the language you use, your screen resolution, operating system, time zone, active plugins, browser type…you name it. By breaking down you – and the millions of others like you – into data points that can be categorized, you are now a target for precision missile advertising strikes. Being tracked keystroke by keystroke as you shop, bank, email, and enjoy online entertainment isn’t just creepy; it’s potentially dangerous. Predators prey on the weak. Why allow yourself to be a target?

There are some scary stats out there: 300,000 new pieces of malware are reportedly created every day. Cybercrime is more profitable than the illegal drug trade! Over 60 percent of businesses that get hacked say they aren’t sure they’ll ever fully recover. Anti-virus software or firewalls are as effective as a sieve, etc. It’s human nature to overestimate one’s web knowledge. Sure, you don’t click on links that look fishy and, heck, you might have even ponied up for a VPN (Virtual Private Network). A VPN, however, only conceals your location, data-in-transit, and IP address. VPNs are not the fortresses we think they are. Via browser fingerprinting (look that term up if you’ve never heard of it), a leak that shows your online identity is still a possibility. You need multiple layers of protection, and you need them now. To paraphrase a famous quote, “You Might Be Paranoid, but that Doesn’t Mean Someone Isn’t Trying to Hack You.”

Moscow innovation ecosystem became prize-winner of Quality Innovation Award 2020

The Moscow Innovation Ecosystem program dedicated to testing innovative solutions became a prize-winner of the international Quality Innovation Award Forum in the Public Sector Innovations category.

The program lets designers test their technologies at the city and business sites. Over 50 draft solutions have been tested over the course of the program’s existence.

The program makes it possible for designers to test their technologies at the city and business sites before being released to the market, and for the authorities and potential contractors — to analyze the effectiveness of those technologies.

‘The project makes it possible to study Russian and international practices in the field of smart cities and state management, analyze impact of different technologies on the quality of life in the city. Piloting of projects helps evaluate the practical use of new solutions for citizens,’ remarked Eduard Lysenko, Minister of the Moscow Government, Head of the Moscow Department of Information Technologies.

Among those tested projects are a self-driving taxi, a hand exoskeleton, a spatial reasoning system for persons with sight disability, VR-technologies in education, an application for museum visitors that allows uploading information about exhibits to a smartphone.

‘The jury of the competition underlined the unique conditions that Moscow created for the authors of high-tech solutions. The prize-winner program gives designers a chance to test the viability of their solutions and get comprehensive feedback from the target audience. Last year, we got over 600 requests from entrepreneurs for testing various products,’ Natalya Sergunina, Deputy Mayor of Moscow said.

The framework of the program lets the dedicated specialists choose the most promising and urgent projects. Once the project is chosen, a testing site shall be determined.

‘Thanks to the Moscow innovation ecosystem, the capital of Russia is one of the most active cities in terms of innovations that undergo testing. Today, over 100 state and business sites participate in the program. Banks, retail chains, communication services providers, production enterprises, medical institutions, high schools, IT corporations and other companies are among them,’ added Alexey Fursin, Head of the Moscow Department of Entrepreneurship and Innovative Development.

While testing, the designers get the expert support, access to the infrastructure in order to test the solution practically with many potential users and recommendations for adapting the product for certain clients.

The Quality Innovation Award has been held since 2007 by the Finnish Association for Quality in cooperation with partner companies from Russia, China, Czechia, Estonia, Hungary, Israel, Latvia, Lithuania, Serbia, Spain, Sweden and other countries. Over 400 innovations were submitted for the award in 2020, and 25 of them received prizes.

The Moscow Agency of Innovations is the operator of the pilot innovation testing program. It unites representatives of the authorities and business society with technological companies so that they can jointly create, test and implement innovative solutions.

Checking People: Why a Background Review Service Could Save Your Company

From “sins of omission” to full-on deception; professional “Check People” help uncovers all

The Oscar-winning drama “Parasite” by Korean director Bong Joon Ho depicts a family using Photoshop and other techniques to forge documents and gain employment from a wealthy couple as tutors, a housekeeper, and a driver. In the film, the obscenely wealthy and horribly naïve couple trust a single reference from a trusted friend – and forego background checks. The story does not end well, to say the least.

These days, a claim you graduated from Harvard is very likely going to be double-checked; but it’s the more minor claims that sometimes slip through the cracks. The person who claims to have graduated from Concordia College and University of Delaware, for example. Concordia looks legit and the claim hardly seems worth checking. But how would you feel after you learn that Concordia (sometimes of Delaware, sometimes of Dominica, etc. –They change addresses and websites as needed) is listed as a so-called “diploma mill” that grants degrees based on “life experience.” Concordia will scream to the heavens that it’s accredited and legal, but courts have deemed otherwise and people have gotten into serious legal trouble for using such degrees – some of which cost less than US$300. A comprehensive background check would easily flag such a “graduate.”

Put simply, background checks work by using proprietary algorithms to conduct online searches of public databases as well as deeper inquiries into online content to find a “reel” of data on an individual. Reviews of the CheckPeople background check service show the cost of a serious background check is a pittance when compared to the trouble an unverified person could end up costing a company. Background check service companies might also check the prospective employees’ immediate relatives or even extended family to discover any connections that the person has not disclosed that you would rather know about.

Avoid Legal Troubles and Hits to Your Reputation by Doing Background Checks

Using fake degrees is becoming less common as, you know…Google. But human beings are human beings, and so-called “sins of omission” are too often the rule rather than the exception. And it’s surprising to learn how common deliberate deception is – one report found that almost 60 percent of all resumes include incorrect, misleading, or otherwise false information. Some things are hard to falsify: a hospital in 2021 is unlikely to, say, hire a fake brain surgeon, but the person who you’re considering for your small or medium-sized business could lead to serious problems – unless you invest in a good background check service. There’s plenty that can be falsified and the way to avoid being burned is by hiring a firm with the know-how and reputation to do a real look into a person’s past.

It might not seem like a big deal when a person falsely claims on a resume that they have been certified in such-and-such an area; until an accident or incident happens in that particular area – opening up your company to lawsuits. “Negligent hiring” is the cause of many a lawsuit claiming negligence due to a company hiring an employee who perhaps falsified an accreditation or certification in some specific area. Employees from janitors to drivers are in positions that could lead to incidents affecting your company. The first thing the lawyer on the other side of the table is going to ask – if an incident should occur is, “Did you run a background check before hiring this individual?” If not, the jugular “negligent hiring” vein is exposed for the claws of legal retribution.

“Trust, But Verify” is a Very Wise Plan: People Don’t Advertise Their Flaws

Many offenses don’t make the news and aren’t uncovered by simple searches.  Perhaps there was an altercation with a neighbor that didn’t lead to criminal charges but was reported, and indicates a propensity towards violence. Perhaps there was a write-up by a supervisor over some negligence that, again, didn’t make the papers, but is buried in someone’s deeper background. Perhaps they’ve transgressed in some financial way that is pertinent to your industry. Perhaps they have a substance abuse problem that you’d rather not be liable for.

This is why you need professional help and the best plan is to get a background check that vets thoroughly and completely, giving you peace of mind that there are no old forgotten accounts, blog posts, or other real-life or web skeletons in closets that could do great damage to your company’s reputation.

You will want to use a reputable background check service that ensures no stones are left unturned. Public records such as criminal charges, marriages, divorces, addresses, and other simple things are easy to find, but there are also harder, “deep web” searches. These involve looking into possible aliases, possible unreported presences on social networks, and a boatload of other possibly incriminating data. It’s easy to imagine a simple background check finding a criminal charge, but how easy would it be to find white supremacist comments left by someone using a fake identity on a social media site?

Make Sure the Background Check Company You Hire is Legit

Authentic background check sites offer various financial plans that suit your budget. But more important than money: is the background check company itself legitimate? Keep in mind the United States Fair Credit Reporting Act prohibits the use of background checks for potential employees without informing them beforehand and having them agree in writing. Any background check company worth its salt will inform you of the law beforehand.

The main point is simple. People don’t volunteer negatives. Resumes are written to show a person’s most positive aspects. It is therefore incumbent on the employer to run a complete background check. Luckily, we now live in a digital age where it’s become easier than ever to instantly uncover traces of information that just a few decades ago would have been nearly impossible to uncover – if you invest in a complete background check from a reputable source.
