
Monday, 7 December 2015

How Do You Solve a Problem Like Cyber Security?

Happiest Minds UK discusses the new-age deception technologies UK businesses should adopt to bolster their cyber-security defences
The recent TalkTalk cyber-security breach has brought the issue of security firmly back into the public’s psyche and has put both government and organisations on high alert. It seems that regardless of your vertical market, be it finance, technology or banking, the threat of a cyber breach is pretty much imminent. Only today I read an article which outlined that Britain’s Trident nuclear weapons system may be vulnerable to cyber-attack by a hostile state, according to former defence secretary Des Browne.
So, despite the UK being one of the highest EU spenders on IT security, existing cyber security solutions are simply not good enough to stop malicious hackers and evolving threats. It’s little wonder why Chancellor George Osborne has pledged to spend an additional £1.9 billion on cyber security and has committed to the creation of a ‘National Cyber Centre’ to respond to major attacks on Britain.
So, how do you solve a problem like cyber security? Well, the answer could well be to implement emerging deception technologies such as next-generation honeypots and decoy systems which, according to a new Gartner report entitled ‘Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities’, could have a game changing impact on enterprise security strategies.
Deception technologies are effectively tools which deceive attackers and enable the identification and capture of malware at the point of entry. They misdirect intruders and disrupt their activities at multiple points along the attack chain by luring them towards fake or non-existent data and away from the organisation’s critical data.
Let us look at a few of these technologies in greater detail:
Honeypots—or software emulations of an application or server—have been around for a few years now. A honeypot works by offering ‘honey’, something that appears attractive to an attacker, who will then expend his resources and time on gathering the honey. In the meanwhile, the honeypot does an admirable job of drawing his attention away from the actual data it seeks to protect.
Decoys are similar to honeypots and cause the attacker to pursue the wrong (fake) information. Many decoys act together to fill the attacker’s radar in a manner as to render it difficult for him to differentiate between real and fake targets.
However, organisations are now looking for more active defence strategies that not only lure in attackers, but also trap them, confound them and track their activity. One such deception technology offers an emulation engine masquerading as a run-of-the-mill operating system. The ‘operating system’ contains ‘sensitive’ data that could be attractive to attackers, for example data labelled ‘credit card info’. The platform will lure the attacker in by allowing him to ‘hack’ this fake data and in turn start gathering information about his movements and the codes that he seeks to modify. This intelligence can then be shared with other security tools, such as intrusion prevention systems, to defend against the attack.
A number of start-ups are designing various kinds of intrusion deception software that insert fake server files and URLs into applications. These traps are visible only to hackers and not normal users. An example of such a snare could be trapping hackers probing for random files by granting them access to bogus files that are a dead-end and merely keep leading them in circles towards more fake data. Or protecting the system against brute-force authentication by scrambling the attacker’s input so he can never get the password right, even if he does happen to type out the right code.
Other technologies set up fake IP addresses on webservers that, on multiple attempts to hack them, will always present a deception to that user. Other companies set up virtual systems or computers that actually have no data on them, and are indistinguishable from other machines on the network. Repeated intrusion into and unwarranted activity on these systems make it easy to identify hackers. The hackers’ movements and methods can then be analysed, and the data fed back into other threat detection solutions and tools.
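The detection side of the decoy files and URLs described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor it mentions; the decoy paths, the log lines and the function names are constructed for illustration, and the log is assumed to be in Common Log Format.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumed decoy paths: planted by the defender and never linked from a real
# page, so no legitimate user has a reason to request them.
DECOY_PATHS = frozenset({
    "/backup/credit_card_info.csv",
    "/admin-old/login.php",
})

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (documentation IP ranges); the last line is malformed.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Dec/2015:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.23 - - [07/Dec/2015:10:01:05 +0000] "GET /robots.txt HTTP/1.1" 200 68
198.51.100.23 - - [07/Dec/2015:10:01:09 +0000] "GET /admin-old/login.php HTTP/1.1" 200 912
198.51.100.23 - - [07/Dec/2015:10:01:15 +0000] "GET /static/%2e%2e/backup/credit_card_info.csv?dl=1 HTTP/1.1" 200 2048
198.51.100.23 - - [07/Dec/2015:10:01:20 +0000] "POST /login HTTP/1.1" 401 120
203.0.113.7 - - [07/Dec/2015:10:02:00 +0000] "GET /products HTTP/1.1" 200 7300
this line is truncated
"""


def canonical_path(target):
    """Reduce a request target to a comparable path: drop the query string,
    percent-decode, and collapse ./ and ../ segments."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath(path) if path else "/"


def analyse(lines, decoys=DECOY_PATHS):
    """Return (report, skipped). report maps each client IP that touched a
    decoy to its decoy hits and to everything else it requested, so the rest
    of its activity can be reviewed. skipped counts unparseable lines."""
    per_ip = defaultdict(list)
    skipped = 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            skipped += 1
            continue
        per_ip[m["ip"]].append((m["ts"], m["method"], canonical_path(m["target"])))

    report = {}
    for ip, reqs in per_ip.items():
        hits = [r for r in reqs if r[2] in decoys]
        if hits:
            report[ip] = {
                "decoy_hits": hits,
                "other_requests": [r for r in reqs if r[2] not in decoys],
            }
    return report, skipped


if __name__ == "__main__":
    report, skipped = analyse(SAMPLE_LOG.splitlines())
    for ip, info in report.items():
        print(ip, "touched", len(info["decoy_hits"]), "decoy(s);",
              len(info["other_requests"]), "other request(s) to review")
    print("unparseable lines:", skipped)
```

Because a decoy has no legitimate use, a single hit is a high-confidence signal, and the client's other requests are the activity worth feeding into the SIEM or intrusion prevention tooling.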
Deception technologies therefore create baits or decoys that attract and deceive attackers, making it quicker for an organisation to detect a security breach. They increase the attacker’s workload and exhaust his resources. Certain solutions go beyond merely setting up decoys to also conduct forensic analysis on these attacks so the organisation can effectively defend its network and speedily mitigate security breaches. It may not be a ‘one size fits all’ answer to the cyber security conundrum, but it is certainly one more weapon in the organisation’s armory against hackers.

Wednesday, 25 November 2015

Cyber Threat Intelligence – What is needed?

Cyber Threat Intelligence (CTI) is a term used to address any kind of information that protects your organization’s IT assets from a potential security breach. CTI can take many forms. It could be internet-based IP addresses, geolocations or TTPs (Tools, Tactics and Practices). These work as indicators or early warnings of attacks which can take a toll on an enterprise’s IT infrastructure. There are numerous vendors across the globe whose CTI can be seamlessly made part of security interfaces like GRC tools, SIEM and other correlation engines. That being said, what information can be employed to generate actionable CTI to defend your enterprise security? Let’s look at this in detail:
Drivers:
Drivers may be anything from attacks like a ‘zero day’ to business-related breaking news or certain announcements that cause vulnerabilities in the enterprise’s activities. Understanding the nature of the drivers can help increase security vigilance.

Prerequisites:
This accounts for everything an attacker would need to trigger an attack on your IT infrastructure through the intranet perimeter, network, endpoints and just about anything that is exposed to the internet.
Capabilities:
Script kiddies could generate an attack but may not possess the capacity for post-attack activities. Or a professional attacker could have the capability to penetrate, but the target’s defense mechanism may not provide the attacker with the intended results. Understanding the capabilities of the attacks and the attackers in depth can help defend security to a great extent.
Components:
Another element to consider is keeping an account of the tools, tactics and procedures that the attacker used in past attacks. This would help generate indicators to better prepare for forthcoming attacks.
Measurement:
Measurement is important to determine the impact of the attack, mostly in terms of number and types of security events which are generated during the pre-attack condition. The more ways we can interpret different natures and depths of these measurements, the more the security interface can work on the counter-attack measures and recovery processes.
There are many security dimensions that, when considered carefully, can help avoid, tackle, monitor and recover from a security breach. While the aforementioned are a handful, the list can get a lot longer to include threat vectors, compromise parameters, defense mechanism techniques, business impact analytics, attack patterns from the past, zero day detection, security control bypassing, post compromise information, etc. The more we include these factors, the better IT security vigilance gets.

Wednesday, 18 November 2015

Why Retailers Should Recruit a Chief Omnichannel Officer Now

Thanks to modern technology and digital tools, the opportunities to interact with and buy from a brand today are ubiquitous. Customers want to shop anytime, anywhere. Omnichannel rules, and smart retailers are getting on board.
For the customer, the best of omnichannel creates a consistent and uniform experience across all touch-points — online, brick-and-mortar stores, social media, events, mobile and more — all the time. For the retailer, omnichannel reaches its pinnacle of effectiveness when each channel’s operations are connected at the back end and continuously provide integrated, customer-specific information coming into the organization. This highly valuable data can then be analyzed and acted upon, to build a sound strategy for new — and even more consistent — marketing and sales efforts going forward.
Transforming a multichannel entity into a true omnichannel organization is much easier said than done. It is a job that requires a dedicated, totally focused individual that has the responsibility — and seniority — to integrate multichannel systems (literally and figuratively) across all customer touch points: store operations, marketing, call center, and digital (which includes all forms of non-store-based commerce). This is made all the more difficult because traditionally — and naturally — most of today’s organizational structures have evolved into fairly ingrained silos.
A chief omnichannel officer can help a retailer go from silos to seamless. Here are the specific responsibilities the officer should tackle:
Eliminate silos
Customer touch points today usually exist in the store as point-of-sale systems, online as e-commerce systems and on-the-go as m-commerce platforms, the contact center, and other systems. Up to now, sales and other information has been collected and stored right back within the different system silos.
Retailers still getting used to multichannel efforts have traditionally kept channels independent of one another. This approach is fine, but does it really provide a true picture of how a customer interacts with a brand all the time? A savvy chief omnichannel officer will eliminate silos and integrate all channels at the back end to then take the next step: making the most of data that is generated by the customer.
Get the most out of customer information
To turn customer data into real information assets in aggregate, a central repository that can syndicate useful product information back out to the various channels must be created, and that is one big job. Today, disparate CRM systems are left struggling to get a single, consistent view of the customer. Customer information is one of the most valuable assets in retail, but in a multi-siloed organization this data is rarely utilized properly.
The lifeline of a truly effective omnichannel experience is data that is integrated across every customer touch point, and that means integrating existing systems without minimizing each system’s effectiveness, which is a tricky IT challenge that should be front and center for a chief omnichannel officer.
Get staff on the same (omnichannel) page
Technical problems apart, siloed skills among staff create their own issues. Disconnects exist between a retailer’s business and technical staff. Open conversations that focus on people, processes and technology are rare between the chief marketing officer and CIO.
Separate heads for all functions — marketing, finance, merchandising, HR, stores, etc. — all report to the CEO or president. As a result, very few people have a holistic understanding of the business, much less what it takes to create an omnichannel presence. What’s more, most high-level, C-suite executives are too tied up with other business issues to commit to the kind of focus necessary to drive the creation of a functioning omnichannel organization.
A key responsibility of an omnichannel officer should be to drive — from a senior level — a commitment to omnichannel throughout the organization, oversee accountability in that commitment, and ingrain omnichannel into the company culture. Change is hard, but breaking silos to achieve synchronization, alignment and ownership among staff is paramount.
The omnichannel chief must encourage active involvement, monitoring, facilitation and support from channel leaders. To do this and communicate effectively with function heads, the officer must have an understanding of all customer touch points, the organization’s holistic business needs, and a direct reporting status to top leadership.
Be interested in revenue generation
Transformation into an omnichannel organization might come faster if, besides managing the development of strategies that integrate the company’s systems, people and activities, the chief omnichannel officer takes on somewhat of a P&L role.
When recruiting for the position, discuss the possibility of responsibility for revenue generation activities along with a reasonable share of the profitability. In the ideal scenario, the chief omnichannel officer will look after the execution of omnichannel and will also be responsible for the ROI on marketing investment. In that way, he or she can instill an organic acceptance of omnichannel best practices across all departments, while at the same time encouraging digital growth in such a way that it doesn’t affect current high-performing channels.
No doubt, the ideal candidate needs to be one talented and well-rounded individual. Someone with strong digital marketing experience and exposure to other key business functions is a good place to start, and should enable the individual to grow into the role properly in a short period of time.
Simply put, transforming an organization into an omnichannel powerhouse is an exercise in managing change. Placing the right person in charge near the top of your organization will make it clear to all that it is an initiative to be taken seriously. Setting the right tone with all stakeholders will speed sincere acceptance and motivate everyone to deliver. If a retailer can achieve this, the company is on its way to converting your investment in omnichannel into tangible long-term results and strategic market advantage.
Salil Godika is co-founder of Happiest Minds, a next generation digital transformation, infrastructure, security and product engineering services company. With 19 years of experience in the IT industry across global product and services companies, he previously was with Mindtree for four years as the chief strategy officer/M&A and held P&L responsibility of an Industry group. Before Mindtree, Salil gained 12 years’ experience in the United States working for various software product companies large as well as start-ups.

Thursday, 5 November 2015

Web Summit 2015: The Tech World Musings From Dublin

Having grown from 400 attendees five years ago to the current 22,000 tech enthusiasts, the Web Summit 2015 continues to deliver innovative ideas and fascinating thoughts to the tech world gathered at the bustling RDS venue, Dublin.

Cars and technology took center stage on day 2. Augmented reality, virtual reality, drones, and wearables were also among the key topics that seized the audience’s attention. Check out some of the most interesting tech talks from day 2 at Dublin. Ford chief executive Bill Ford pointed out the promising intersection between cars, an industry that has been “revolution-resistant for a hundred years”, and technology. He added that Ford is redefining itself as a “mobility company” with an interest in autonomous driving and net-connected cars, along with data collection and analytics. Sean Rad, the CEO of location-based dating app Tinder, talked about the data that drives it and the future of the platform. On a lighter note, he added that the Irish user base was extremely active on the app.

The most exciting part of day 2 was the live demonstration of a drone flown onto the center stage by Randy Braun of DJI, a world leader in camera drones/quadcopters. The tech enthusiasts, including me, were curious to hear that DJI, along with the Humanitarian UAV Network, uses its drones or Unmanned Aerial Vehicles (UAVs) in a wide range of humanitarian and development settings. Google showcased its famous virtual reality platform ‘Google Cardboard’, basically a cardboard case for smartphones that works in conjunction with compatible apps for projecting 3D images or videos. The wonders of virtual reality did not end with Google’s Cardboard. Colombian company Protesis Avanzadas showcased a 3D robotic prosthetic hand, an affordable multifunctional prosthetic hand that can replicate many of the grip patterns of the human hand, on the summit center stage. The Head of Adtech at Facebook, Dave Jakubowski, took to the Marketing Summit stage to discuss the state of the industry and FOMO (Fear of Missing Out) in the digital age.

All the tech talks surrounding Virtual Reality, Augmented Reality and Machine Learning remind us that we are swiftly moving into an age of transformation, where the boundary between the digital and the real world slowly blurs. All these technology advancements also hold great potential to redefine existing business models. As a part of a digital transformation company, Happiest Minds, which is strongly focused on new-age disruptive technologies including IoT, Big Data, M2M Learning, Cloud and Mobility, I strongly feel that very interesting days lie ahead in terms of technology as well as the customer experience.

Anticipating more exciting and insightful talks and demos from the Web Summit 2015 stage, on the closing day, 5th of November. Stay tuned.

Wednesday, 30 September 2015

How to Protect Your Data from Third-Party Breaches

The December 2013 Target data breach that compromised the credit card information of 40 million customers was the first of many wake-up calls to organizations, bringing home the damage a company can sustain when a partner’s systems are hacked. As the whole world now knows, the HVAC supplier had access to more of Target’s systems than was needed or intended, and hackers infiltrated Target’s network through the partner’s own vulnerable solution.

Sadly, Target is not the lone case. More recently, 15,000 Boston Medical Center patients’ personal information and the payment card details of 868,000 Goodwill customers were compromised through data breaches at vendor companies with access to the organizations’ systems. In fact, a recent PwC study found the biggest challenge to security today is from internal sources – employees and partners – not external threats.

Vendors often need remote access to maintain your internal systems, but they may not be as stringent about security processes as your chief security officer, CIO, or IT team. For example, partners’ systems may use software that a developer no longer supports and that is hence vulnerable. Even worse, they may use the same administrative passwords across every customer’s systems.

All this translates into the need for a far more comprehensive information security risk management strategy — one that not only oversees your data, but also third-party access rights, the robustness of network defenses, and more.

Here are some best practices to help protect your network from third-party data breaches:

Be aware of what your vendors can remotely access. Understand what kind of data and which systems your vendors can access, and the levels of access they enjoy. Can they retrieve any critical data they do not need for their work? Or do they have access only to the resources necessary to perform their jobs? This is of particular importance when you work with infrastructure management partners, for instance, because these have privileged access that could pose a significant threat if not properly secured. Provide access to data and systems only on a need to know basis.

Standardize remote access methodologies. The proliferation of available remote access methodologies (WebEx, web conferencing tools, and virtual private networks, for example) makes it difficult to monitor and manage access controls. Simplify this and better manage connections made to your network by defining the specific methodologies you will allow.

Use stronger authentication. Insist that vendors who must access your environment use two-factor authentication and institute well-defined access control processes.

Segment your network behind firewalls. It is advisable to allow vendors access only to a specific segment of the network, with this segment being firewalled from others. Network segmentation can limit the damage from a third-party data breach. To make this even more effective, provide dedicated systems for vendors, so they do not use their systems to connect to your network.

Monitor network defenses frequently. Frequently audit access controls and security policies to identify potential security gaps that can be plugged before a breach occurs. Real-time analyses allow your IT department to see what is being accessed by whom and why, as your vendors connect to your network. This helps proactively identify any problematic activity.

Hold vendors to the same security standards you hold yourself. However stringent your organization’s security system, all is nullified if your vendors are not equally particular. Define your security requirements upfront when signing on a new vendor. Review their security processes and access control policies, and check if they conduct regular penetration testing on their systems and network. Insist they adhere to the same standards as your organization in the areas of data protection, identity management, authentication, and other security measures.

Proactively plan for third-party breaches. You will (or should) already have a robust incident response and disaster recovery plan for attacks on your own systems. Take this a step further by planning a defense against third-party attacks as well. Ask your vendors to demonstrate how they protect your data, their incident response plan, and how they will deal with breaches that can affect your data.  

Periodically verify your vendor’s security posture. Security assurance is not a one-time task but a continuous process. Conduct periodic audits of your vendors to make sure that they follow best practices and have the necessary technical controls in place. The aim should not be to review every vendor you engage, but to conduct a thorough audit with greater frequency for targeted, high-risk vendors.
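Several of the practices above (approved remote access methods, two-factor authentication, a firewalled vendor segment, frequent monitoring) can be turned into an automated check over vendor session records. The following is an added example, not part of the original article; the vendor names, policy layout, CSV columns and session data are all constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed policy: for each vendor, the remote access methods you have approved
# and the firewalled network segment that vendor is allowed to reach.
POLICY = {
    "acme-hvac": {"methods": {"vpn"}, "segment": ip_network("10.50.0.0/24")},
    "netops-msp": {"methods": {"vpn", "jump-host"},
                   "segment": ip_network("10.60.0.0/24")},
}

# Constructed export of vendor sessions (hypothetical column names).
SAMPLE_SESSIONS = """\
session_id,vendor,method,two_factor,dest_ip
s1,acme-hvac,vpn,yes,10.50.0.12
s2,acme-hvac,webex,yes,10.50.0.12
s3,acme-hvac,vpn,no,10.20.4.8
s4,netops-msp,jump-host,yes,10.60.0.5
s5,unknown-co,vpn,yes,10.50.0.9
s6,netops-msp,vpn,yes,not-an-ip
"""


def audit_sessions(csv_text, policy=POLICY):
    """Return a list of (session_id, finding) for every policy violation."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sid = row["session_id"]
        rule = policy.get(row["vendor"])
        if rule is None:
            # A connection from a party you never defined access for.
            findings.append((sid, "vendor has no approved access policy"))
            continue
        if row["method"] not in rule["methods"]:
            findings.append((sid, "unapproved remote access method"))
        if row["two_factor"].strip().lower() != "yes":
            findings.append((sid, "no two-factor authentication"))
        try:
            inside = ip_address(row["dest_ip"]) in rule["segment"]
        except ValueError:
            # Do not silently pass records whose destination cannot be checked.
            findings.append((sid, "unparseable destination address"))
            continue
        if not inside:
            findings.append((sid, "destination outside vendor segment"))
    return findings


if __name__ == "__main__":
    for sid, finding in audit_sessions(SAMPLE_SESSIONS):
        print(f"{sid}: {finding}")
```

Run on a schedule against real session exports, the same rules give the periodic audit a repeatable baseline, with high-risk vendors checked more often.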

In this, as in other aspects of your relationship with your vendors, work with partners to identify security gaps and protect against breaches before they occur. Industry standards are gradually evolving to this end as well. The latest version of the Payment Card Industry Data Security Standard (PCI DSS 3.0) mandates that organizations pay closer attention to partners’ security practices. This will probably provide the much-needed nudge to get businesses to think beyond only their own security posture.