Connect with us

Tech News

Connected and Vulnerable: Deloitte Shares Top Five Tips for IoT Device Security

Newsroom

Published

on

With the number of connected Internet of Things (IoT) devices anticipated to swell beyond 41 billion by 2025 according to a forecast from IDC estimates and the number of cyber attacks on such devices growing exponentially by the day, organizations should put security at the forefront of their priorities around IoT solutions. In an effort to help organizations shore up their security postures, Deloitte offers five tips to address IoT security in the products that organizations deploy in their environments and encourages manufacturers that make connected products to take a secure-by-design approach.

From cameras to toothbrushes, thermostats to hospital infusion pumps, connected devices are actively being targeted by cyber adversaries determined to compromise corporate and individual privacy, construct botnets, place malicious software and steal intellectual property.

The risk of compromise to a connected device is too great to ignore and often too late to reactively respond to. Organizations should adopt a proactive, secure-by-design approach while strategically and intentionally working to monitor and patch outdated legacy equipment, software and infrastructure.—Sean Peasley, partner, Deloitte & Touche LLP, and IoT security leader for Deloitte cyber risk services.

California is leading the charge with a new Internet of Things Security Law taking effect on Jan. 1, 2020, requiring all IoT devices sold to be equipped with reasonable security measures. Consequently, organizations should prepare and protect their companies, customers and communities. The benefits of IoT connectivity far outweigh the investment in cyber measures to ensure the integrity of the devices, networks and programs.

IoT device security best practices

Take note of every endpoint added: The expanse of IoT increases with every endpoint added into a network. This adds more vulnerabilities and has become a more popular and destructive cyber attack. While the adversarial landscape is always changing, Deloitte advises organizations to bring as much of their endpoint footprint under their security management in order to better secure the attack surface. Industry analysts predict that spending on IoT endpoint security solutions will be more than $630 million in 2021. Once these devices are managed, integration of security tools can be a more effective security focus for the organization. As with most domains within cybersecurity, security professionals realize that in order to meet the complex security challenges of their organizations, they should formulate a sound security strategy and constantly evolve by making continuous improvements to best mitigate their risks.

Align operational technology, IT and security: In addition to IoT, enterprises are managing multiple digital transformation initiatives simultaneously. Yet, according to the “Deloitte Future of Cyber” study, less than 10% of cyber budgets are allocated to these efforts. For companies to be successful with IoT initiatives, they need a new approach. One that helps them understand enterprise and cyber risks; develop a plan to prioritize and mitigate those risks; and then operationalize these efforts by obtaining alignment across key stakeholders: operational technology, IT and cybersecurity. Peasley adds, “IoT spans operational environments as much as it includes wearables, connected cars and products. Organizations should proactively plan for how to identify, track, patch and remediate around how it all could impact their organizations and ecosystems.”

Know the players in your ecosystem: Since the interconnectivity of third-party hardware, software or services may be the source of a security breach, it’s imperative to consider how a covered device interacts with such third parties. Ideally, contracts with third, fourth, and fifth parties should address security updates and concerns. Organizations should establish a third-party risk management program to evaluate the cyber risks of their third parties and supply chain partners.

Employ AI and ML to detect anomalies that humans can’t: You can’t prevent what you don’t know about. Artificial intelligence for IT operations (AIOps) has grown from an emerging category to an IT necessity. AIOps platforms are uniquely suited to establish a baseline for normal behavior and detecting subtle deviations, anomalies and trends. This is significant as IoT turns much of the physical world into robots powered by AI. Organizations should take both a secure by design (DevSecOps) approach in tandem with an AIOps approach to both prevent and identify cyber attacks.

Conduct vulnerability assessments on devices: As cyberattacks continue to grow, organizations should have confirmation that their connected devices — and the environment in which they’re deployed — have been designed, built and implemented with security in mind. Whether through basic testing or a bug bounty program, testing can provide assurance around the security posture of an organization’s devices.

Deloitte’s Cybersphere is a state-of-the-art destination to help organizations explore their most pressing cyber challenges. The Cybersphere features a 24/7 threat monitoring and reconnaissance “Watch Floor,” and labs designed for cyber teams to increase capabilities and confidence as they face ever-evolving cyber threats. It also features a Cyber IoT Studio where organizations can test the security of their connected devices on their networks to help identify whether their most critical assets are secure.

Deloitte’s Cyber IoT Studio provides:

Technical testing services for IoT devices — from autonomous cars and connected medical devices, to industrial control systems, building automation and smart cities.

A center of excellence that provides leading practices for device security testing and certification readiness methods.

An environment and secure location in which to test, analyze and pilot proprietary technology.

Diverse IoT ecosystems to architect and test heterogeneous technologies for a multitude of industry-specific, use-cases with the latest security and control solutions for on-premise and cloud integrations.

Continue Reading
Comments

Tech News

State of AI in the Enterprise, Third Edition

Newsroom

Published

on

Deloitte’s third edition of the “State of AI in the Enterprise” survey, conducted between Oct. and Dec. 2019, finds businesses are entering a new chapter in AI implementation where early adopters may have to work harder to preserve an edge over their industry peers. The study shows that companies at the top will be those that utilize AI to pursue creative and novel applications, actively address inherent AI risks and — as more organizations buy AI-powered capabilities — become smarter consumers of AI technology.

“Seasoned” adopters are the example to follow as the global survey of 2,737 information technology and line-of-business executives finds this category has undertaken many AI production deployments. They have also developed a high level of AI expertise across the board in selecting AI technologies and suppliers; identifying use cases for building and managing AI solutions; integrating AI into their IT environment and business processes; and hiring and managing AI technical staff.

Seasoned and skilled adopters evolve

Deloitte grouped responding organizations into three segments, based on the number of AI production deployments undertaken and how respondents rated their enterprise’s expertise across various measures.

Seasoned adopters are setting the pace in terms of AI adoption maturity. This category of adopters has grown since the last survey in 2018 from 21% to 26%.

Skilled adopters have generally launched multiple AI production systems but are not yet as AI-mature as the Seasoned organizations. This category of adopters has grown since the last survey from 43% to 47%.

Starters are just dipping their toes into AI adoption and have not yet developed solid proficiency in building, integrating and managing AI solutions. This category of adopters has declined since the last survey from 36% to 27%.

Becoming smarter consumers: Purchasing AI intelligently

As purchasing barriers have dropped and AI is more available, choosing the right technology is more important than ever. Those AI adopters surveyed tend to “buy” their capabilities rather than “build” them. To become smarter consumers, companies should evaluate the landscape, find the most advanced AI and integrate those technologies into their infrastructure. However, the survey found many adopters lack purchasing maturity:

  • Only 47% of all adopters say that they have a high level of skill around selecting AI technologies and technology suppliers.
  • Less than half (45%) say that they have a high level of skill around integrating AI technology into their existing IT environment.

Inventive approaches: Moving AI applications beyond IT and cyber security

It will likely take more creativity for organizations to differentiate themselves as AI becomes commonplace. For example, many companies are still using AI mostly in IT- and cybersecurity-related functions, which was also the case in Deloitte’s second edition of the survey. This year’s survey found:

  • Forty-seven percent of respondents indicated that IT was one of the top two functions for which AI was primarily used.
  • When asked to identify the top two benefits they were seeking from AI, respondents’ top choices were “making processes more efficient” and “enhancing existing products and services,” the same as the last survey.
  • Top business functions for AI applications, such as marketing, human resources, legal and procurement ranked at the bottom of the list. 
  • However, there are signals that AI may be expanding as respondents rated “creating new products and services” as the third-highest overall AI benefit.

Despite strong enthusiasm for their AI efforts, the majority of adopters only feel somewhat prepared to address AI risks — from unintended bias to determining accountability — and not enough are implementing specific practices to address them. In fact, survey respondents rank managing AI-related risks as the top challenge for their AI initiatives. Adding to this trust concern, many adopters feel underprepared and that these risks may impede their AI efforts:

  • More than half of adopters surveyed report “major” or “extreme” concerns about potential risks for their AI initiatives, while only four in 10 adopters rate their organization as “fully prepared” to address them.
  • While cybersecurity remains the most worrisome AI risk for adopters, AI failures, misuse of personal data, and regulatory uncertainty are also top areas of concern.
  • Fifty-six percent agree that their organization is slowing adoption of AI technologies because of the emerging risks, and the same proportion believe that negative public perceptions will slow or stop adoption of some AI technologies.
  • Fifty-seven percent of adopters have “major” or “extreme” worries about how new and changing regulations could impact their AI initiatives.

Continue Reading

Tech News

Digital Technologies Could Help Uganda’s Economy Recover Faster

Newsroom

Published

on

Uganda’s real gross domestic product (GDP) growth in 2020 is projected to be between 0.4 and 1.7% compared to 5.6% in 2019, according to the latest edition of the Uganda Economic Update released by the World Bank today. 

The report, “Digital Solutions In A Time of Crisis” shows the economy has suffered from the triple shocks of the COVID-19 (coronavirus) related economic and social disruption, a locust invasion and floods. Up to three million Ugandans could fall into poverty due to economic hardship and a lack of alternative means of survival. 

Global and local restrictions in the movement of people and goods and provision of services to contain the COVID-19 pandemic have resulted in lower consumption, loss of jobs and a 43% reduction in remittances. Due to a sharp drop in tax revenues, Government has also been forced to borrow much more to continue providing services to Ugandans. 

Uganda, however, remains at low risk of debt distress based on the April 2020 joint World Bank-IMF debt sustainability analysis. With total debt service (interest and principal due) expected to average around 55 percent of government revenues over the next three years, there is a need to cut back on non-priority spending in order to provide essential public services such as health, education, water and sanitation and electricity. 

A more widespread pandemic could pose significant risks to the outlook, as well as any further significant locust invasion. Weak economic growth in the post COVID-19 period will continue to reduce overall consumption and commodity demand. In addition, crude oil prices are expected to average $35 per barrel this year and $42 per barrel in 2021. Although this will limit external inflationary pressures for import-dependent Uganda, these prices are below the estimated breakeven price of $60 for oil production in Uganda. This could negatively impact Uganda’s prospects of becoming an oil producer within the next four to five years.

The increased use of digital technologies during the COVID-19 lockdown such as mobile money, on-line shopping, on-line education, digital disease surveillance and monitoring, and dissemination of public health messages shows the great potential to support faster economic recovery and strengthen resilience against similar shocks. 

“The digital space in Uganda is very innovative – and has quickly adapted during the pandemic. Fintechs have offered payment options, and digital solutions have reinforced and enabled the health sector’s calls to social distance and limit movement and contact. These solutions, if upscaled and developed to their potential would boost the digital economy and maximize its benefits to Ugandans,” said Tony Thompson, World Bank Country Manager for Uganda.

The report points to the current national ID system as one of the successes of technological advancement, which can be leveraged to support more efficient e-government systems and authentication by the public and private sectors while expanding financial inclusion, strengthening social protection delivery, supporting immigration control and refugee management. 

While Uganda has made reasonable technological strides, the analysis notes that it still lags with a phone penetration rate of 69.2% of the population, far below the average of 84%for Africa. There are gender and geographical gaps in access; for example, 46% t of female adults have access to mobile phone compared to 58% of male adults. Similarly, adults in urban areas are more likely to own mobile phones (70%) and have access to the internet (25%) compared to adults in rural areas (46%own phones and 5 percent have internet access).

The economic update makes several recommendations for the economy and ICT sector, including implementing supportive policies and regulation, review of taxation in the digital economy, leveraging technology to support the health sector and economic recovery through increased digitalization of agribusiness and manufacturing, expansion of social safety nets, and transparency and accountability of government’s response to COVID-19. It also recommends the development of a coherent strategy of ecosystem support and catalyzing regional and global integration of Uganda’s digital economy.

“There are areas of the economy that have shown resilience in the current crisis and by leveraging digital technologies are inventing new ways of operating and doing business,” said Richard Walker, World Bank Senior Economist for Uganda.

Continue Reading

Tech News

Safeguarding Your Mailbox from Spam, Hack & Phishing

Newsroom

Published

on

An email goes a long way before getting to the addressee. After all, malicious software may be introduced in this chain or the server owner intentionally takes certain actions to obtain confidential information and damage the mail server by sending spam. In addition, the recipient may be an attacker and use the information received for a personal gain.

However, that’s not all. An additional problem is associated with the massive use of personal mobile devices to access corporate mail services. In the case of a device hack, the company’s reputation is damaged and important information is lost or stolen. Luckily, all problems can be solved comprehensively. There are email protection systems and the spam email checker Cleantalk email checker that can help you do that.

 Email Security Methods

Comprehensive protection of information is aimed at the following tasks:

  • Ensuring the unhindered receipt of letters by the addressee, without the possibility of their interception, opening, reading, as well as the prevention of possible forgery;
  • Protection of information sent via e-mail from its distribution by an attacker without the knowledge of the sender;
  • Blocking and the automatic deletion of spam email entries and attempts to hack a mail server.

To achieve all the above goals, traditional cryptography methods are used, while protection against possible forgery involves the use of the electronic digital signature. The technical side of the security issue most often involves the installation of a special, independently compiled software module (plug-in) for the mail client. This is usually enough because this small-sized additional software automatically encrypts letters and signs them. Possible vulnerabilities in such a set of security measures appear only in the following cases:

  • The installation of clearly weak cryptographic algorithms;
  • Malfunctioning cryptographic algorithms or protocols involved;
  • Bookmarks originally made by the attacker into cryptographic algorithms that make it possible to crack email;
  • Actions of a virus capable of intercepting an already decrypted message on the device of the addressee or gaining access to the keys of the sender’s machine.

With an integrated approach to protecting mail or when using professional solutions, these vulnerabilities are identified and eliminated.

Antispam Action Algorithm

After checking the received message, the solution determines its status: spam, possible spam, or not spam. When analyzing email contents, the following assessment criteria are applied:

  • The blacklist of senders, as well as the list of spam phrases – If the sender is not present in the blacklist and contains no content considered as spam, the email is marked as not spam. If a sender is listed in the blacklist or there are “no-go” phrases in the email, the letter is blocked and doesn’t land in your mailbox.
  • Headers – The header text is analyzed using the special algorithm, embedded images and links are checked as well.
  • Email structure – By analyzing the email structure, its status can be determined as well.

Some services also check the IP address of a sender. In case the same IP is involved in many “email-sending” operations within a short period of time, it is considered a spam bot and all its activities are blocked on your end.

Continue Reading

Publications

Latest

Newsdesk57 mins ago

UN ‘actively assisting’ in response to huge explosions at Beirut port

The United Nations has said that it is “actively assisting” in the response to the horrific explosions that ripped through...

South Asia2 hours ago

Post-Pandemic Politics

Franklin Roosevelt has rightly put it, ‘In politics, nothing happens accidentally. If anything happens, it’s palpable that it planned this...

Eastern Europe4 hours ago

The political inertia of the EU in the South Caucasus becoming a serious problem for the West

The geopolitical panorama  in the South Caucasus, which has strategic importance for Europe, has changed dramatically in recent years. Different...

Americas6 hours ago

China Replacing Russia as the Boogeyman in the U.S. Presidential Campaign

During the 2016 U.S. Presidential bid, Russia was picked as a scapegoat to justify the loss endured by the Democratic...

Africa8 hours ago

Armed Bandits: The Novel Security Threat in Nigeria

The shrinking of Lake Chad which has led to competition between farmers and herders over scarce resources coupled with Boko...

Newsdesk9 hours ago

AfDB presents findings of the Angola Green Mini-Grid Market Assessment

The African Development Bank hosted a webinar to present the findings and recommendations of the Angola Green Mini-Grid Market Assessment...

Newsdesk10 hours ago

Ten Years to Midnight: Four urgent global crises and their strategic solutions

The world has 10 years to solve its urgent challenges or it will be too late. In his new book, TEN...

Trending