By Antoine Harb, Team Leader, Middle East and North Africa at Kingston Technology

The banking and financial sector faces heavy cybersecurity challenges, with hackers consistently zeroing in on its rich trove of sensitive data. Figures released by IBM and the Ponemon Institute revealed that the average cost of a data breach in the financial sector in 2021 was at USD 5.72 million[1].

Without a doubt, cyberattacks lead to astronomical financial losses and reputational issues that can erode customer trust. Banking and financial institutions have, thus, been ramping up their cybersecurity protocols to combat online breaches and comply with existing local and international regulatory requirements.

Implementing a comprehensive cybersecurity strategy specific to the needs of the industry in general and the organisation in particular is crucial. Data protection through encryption and backup is one of the fundamentals of practical corporate information management tactics.

However, for some banks, owning their data infrastructure is preferable than collaborating with third parties for their data encryption, storage and backup requirements. They turn to mobile security solutions as part of their measures of securing and keeping the integrity of their data and applications.

This is where encrypted USB drives come in. Specifically, hardware-centric, software-free encryption is considered one of the more effective, non-complicated solutions to online network breaches. By using state-of-the-art encrypted USB devices, organisations can also be more confident in meeting stringent regulatory standards, minimising risks and ensuring optimum data protection and safety.

With custom architectures that incorporate a premium onboard encryption controller and access control, these USB drives are designed with advanced security features. They work by encrypting data using the strongest AES-256 bit encryption in XTS mode, and then combine this with other safeguards to combat physical- and firmware-based attacks. More specifically, FIPS 197 or FIPS 140-2 Level 3 drives can add greater data protection levels, which are an essential data security requirement for businesses and government entities.

With hardware-encrypted USB drives, deploying relevant software programs is unnecessary. As the software program is removed from the equation, an organization can significantly reduce its exposure to software vulnerabilities such as brute-force, sniffing and memory hash attacks.

Furthermore, with hardware-encrypted USB, banks and other financial services institutions are more positioned to prevent users from turning off encryption, resetting the password rules specifically the minimum length and complexity and disabling the automatic password retries.

A unique recognition feature that can identify the manufacturer (vendor ID) and product model (product ID) increases data security as well. Thanks to this functionality, if a drive is plugged into the companys inner or outer firewall, it can be identified as a company-issued device by using a unique serial number. The feature is available on all of Kingston Technologys encrypted USB drives.

Another advantage of utilising hardware-encrypted USB is that the device allows an administrator to establish information access criteria for the user and then integrate this with existing local endpoint solutions. This is highly critical, especially in cases of malfunctioning cloud storage or when data is stored in devices that are not networked and for which offline access is required. It should be noted, however, that not all hardware-encrypted USBs are equipped with such a feature.

High-performance hardware-encrypted USB drives serve as an extra layer of data protection, acting as secure portable storage that meets ever-changing requirements. They permit fast data transfer and ensure safe data storage and backup, especially at times when regulatory information is needed to be hand delivered or when documents are required to be printed out on-site or off-site, among others.

Providing peace of mind, these compliant devices are not only easy to use and deploy but also more capable of fighting off brute force attacks compared to software encryption. This is because hardware encryption is designed to be separated from the host system, thereby making it much harder to breach.

With the rising popularity of cloud storage, some may consider USB drives as no longer relevant in todays industry landscape. But with their advanced features, hardware-encrypted USB drives, in reality, afford better data protection, confidentiality and compliance standards.

[1] https://www.upguard.com/blog/biggest-cyber-threats-for-financial-services

The rest is here:
Encrypted USB drives and cyber threats facing the financial sector - Tahawul Tech

Whether youre sharing confidential information or swapping movie ideas with a friend, people are turning to private messaging apps that offer end-to-end encryption to protect the contents of their conversations.

When data is shared over the internet, it often traverses a series of networksto reach its destination. Apps such as WhatsApp, owned by social media giant Meta (formerly Facebook), provide a level of privacy that even challenges Government agencies from accessing encrypted conversations.

However, with the apps constantly changing their security and privacy policies, are the messages still safe from being decrypted?

Back in May 2021, disapproval by the online community with the changes to WhatsApps privacy policy for business entities using the platform, saw many users switch to other private messaging apps such as Signal and Telegram.

Cybersecurity expert, Dr Arash Shaghaghi from UNSW School of Computer Science and Engineering and UNSW Institute for Cyber Security, compares encryption to the likes of having a secret conversation between you and another person.

To keep our information away from prying eyes, we rely on cryptographic algorithms to encrypt our data. Encryption involves converting human-readable plaintext into an encoded format and the data can only be read after its been decrypted, he says.

Encryption involves using a key to lock a message, while decryption is using a key to unlock a message.

In theory, if an outsider observed an encrypted conversation, they could not make sense of it, and they will need the appropriate key to decrypt it.

Interestingly, with some end-to-end encryption protocols, such as Signal, even if someone steals the encryption keys and taps over the connection, they cannot decrypt messages already sent. In crypto parlance, this is termed as forward secrecy.

Read more:Camfecting: how hackers attack by gaining access to your webcam

Modern encryption algorithms have been battle-tested and shown to have no known vulnerabilities. While it doesnt mean its impossible to crack, the process requires extensive processing powers and could take a significantly long time to do. Quantum computers, if they mature enough, will be able to crack much of today's encryption.

Attackers commonly target endpoints and their vulnerabilities. This is much easier than cryptanalysis which is the process used to breach cryptographic security systems.

For instance, last year, attackers targeted a vulnerabilityrelated to WhatsApps image filter functionality that was triggered when a user opened an attachment containing a maliciously crafted image file. There have been more seriousand less complicated vulnerabilities reported targeting WhatsApp clients running on iOS and Android.

Dr Shaghaghi says when you back up your messages on some of the messaging platforms, your messages are pushed to the cloud. This means that all your messages are now stored on someone elses computer.

The service providers implementation of end-to-end encryption plays a significant role in the security and privacy of a messaging app against the provider and attackers, he says.

WhatsApp used to keep a backup of the messages in an unencrypted format over iCloud for Apple users and Google Drive for those who used WhatsApp in Android. Even though WhatsApp adopted an end-to-end encryption model in 2016, unencrypted backups were vulnerable to government requests, third-party hacking, and disclosure by Apple or Google employees."

In 2021, WhatsApp rolled out an option for users to enable end-to-end encryption of their backups. While this was welcomed as a positive step forward, it should be the default for all users - not offered as an option, saysDr Shaghaghi.

Users concerned about the security and privacy of their data must make sure to enable the end-to-end encryption backup for WhatsApp and other messaging platforms.

Unless you are backing your data to an encrypted server, you are still vulnerable to have it hacked. Photo: Shutterstock

Unlike WhatsApp and Signal, Telegram does not have end-to-end encryption enabled by default. Only when the secure chat function is enabled, Telegram applies the MTProto protocol, an open-source and custom-developed protocol by the messaging provider.

As far as we know, Signal, Telegram and WhatsApp are secure in providing end-to-end encryption, if the option is enabled, says Dr Shaghaghi.

However, Signal is built with privacy and security as the primary motivation. Signals endpoint source code is also available to the public this allows anyone to inspect the code and identify vulnerabilities.

I believe the consensus is that Signal is a more secure and privacy-friendly messaging solution when compared to WhatsApp, Telegram, or Facebook Messenger."

With so many messaging platforms available on the market, Dr Shaghaghi says there are some simple steps to take to help safeguard a users privacy.

Messaging platforms contain a lot of private information so it's worth ensuring that the platform we use has a good reputation for ensuring the security and privacy of its users, he says.

It is also worth spending a few extra minutes to enable some of the more advanced security features these platforms offer, such as end-to-end backup encryption or multi-factor authentication.

And whichever platform you decide to use, its best practice to ensure we use the latest version of the apps and avoid downloading apps from third-party stores.

Read more:How cyberspace has become the new battleground in modern day warfare

There have been strong calls by different Government organisations for these apps to include backdoors which would provide access to data when deemed required by authorities.

Recent leaksfrom the US Federal Bureau of Investigation (FBI) demonstrated that even with a subpoena, powerful government entities have limited access to messages exchanged over apps that use end-to-end encryption.

This argument is especially worrying for many users who are concerned that its the first step away from the strong encryption principles that they rely on to ensure the security and privacy of their data.

There have been ongoing debates in Australia and overseas regarding this topic.

From a security engineering perspective, implementing a backdoor is never a good idea, says Dr Shaghaghi.

There is no guarantee that malicious hackers do not find out about these backdoors too and exploit them.

However, those in favour of a solution allowing access for law enforcement agencies argue that they need access given the increasing usage of these platforms by criminals.

Some messaging providers and tech companies have responded by making changes to the functionality of the platform.

To meet regulatory requirements, WhatsApp now allows users to flag a message to be reviewed by their moderators. This needs to be initiated by a user and when a message is flagged, the few messages before it is also forwarded to WhatsApp moderators, says Dr Shaghaghi.

"Apple has promoted encrypted messaging across its ecosystem and have fought off law enforcement agencies looking for records.

In 2021, they announced child safety features that include detecting sexually explicit pictures over iMessage, another platform using end-to-end encryption. To implement this feature, Apple plans to implement the detection on the device and not through an encryption backdoor.

I think we can balance the need for moderating criminal content and security and privacy requirements by breaking down the problem into more specific use-cases and developing innovative solutions.

Read this article:
Unlocking the secret to private messaging apps - UNSW Newsroom

WhatsApp has achieved its widespread global popularity thanks to its multi-platform support, secure encryption, and wide array of communication features. But the app isn't for everyone, and you might be looking for a WhatsApp alternative that mimics many of the best aspects of the app. Here are seven of the best alternatives to WhatsApp.

Telegram is a popular messaging app that offers voice, video, and text chat along with a mix of security options. Voice calls are automatically encrypted end-to-end, for example, and the app offers a secret chat mode in which your texts are also end-to-end encrypted, plus have a self-destruct timer. Routine texts aren't as secure, though. It's also one of the few apps that lets you lock the app itself, so if someone gets physical access to your phone, they still can't read your messages in Telegram. It's free for iPhone, Android, and even runs in a browser.

If you're looking for the strongest security in a WhatsApp alternative, Signal is probably what you need. The app leans hard into privacy with complete end-to-end encryption for voice, video, and text conversations when you chat with other Signal users. And the company behind Signal is a US-based non-profit organization that has no profit incentive to sell your data. You can set messages to self-destruct as well. On the other hand, the app is missing a sense of fun you might be looking for; there are no stickers or built-in GIFs, for example. It's available for free for both iPhone and Android.

While most messaging apps are free, Threema is not it costs $5 on both iPhone and Android (and you can use it in a web browser as well). In return, you get complete end-to-end encryption for voice, video, and text messages, as well as file exchanges. It's also one of the very few apps which does not require you to sign up or confirm your account using your phone number, making it highly anonymous. You might also appreciate some of the extra features, like the ability to create polls and surveys, as well as search for images using natural language.

Facebook Messenger is an incredibly popular messaging app thanks to its connection to Facebook, and it's available for free for both iPhone and Android (plus you can use it in a browser). It includes all the basics, such as voice, video, and text messaging, as well as stickers and GIFs, if you are interested in that sort of thing. If you're concerned about privacy and security, though, it's worth noting that while Facebook is rolling out end-to-end encryption to Messenger, that feature is coming slowly and may not be fully available until 2023.

Kik is a little more than just a messaging app; it has a social component that makes it easy to meet new people to chat with, if you're looking for more than just a way to stay in touch with friends and family. Sort of like TikTok, you can join live broadcasts and watch and chat with a large number of other users. And when it comes to getting friends and family online, you can let people scan a QR code found in your profile to get them into a chat instantly. It's free for iPhone and Android, though there are a fair number of ads to contend with. If you value your privacy though, you can sign up with an email address without revealing your phone number.

Part of Microsoft's office productivity suite, Skype has always had something of a business focus, so it might not spring to mind for casual users. It's a full-featured communication app, though, and suitable for both work and recreation. As you'd expect, it can easily do voice, video, and text chats, as well as exchange files. Thanks to a variety of plug-ins, you can record video and voice calls when using Skype on the desktop, though it's also available for iPhone and Android. Perhaps the best reason to use Skype is for its more advanced features, though, like the ability to get real-time language translation, and the fact that you can use Skype to make calls to landline phones (with low international rates).

Viber doesn't have the same name recognition as many other communication apps, but like Skype, it is a solid option if you want an app that can also place calls to mobile phones and landlines in addition to chatting with other app users. Free for iPhone and Android, it has voice, video, and text chat features, and it does this with end-to-end encryption for secure communication.

Dave Johnson

Freelance Writer

See the original post here:
The 7 best apps you can use as a WhatsApp alternative - Business Insider

The research analysison Database Encryption market offers a thorough assessment of the major growth opportunities, roadblocks, and other channels for expansion that will affect the industry's growth between 2022 and 2028.

Additionally, the research report predicts that during the projection period, this marketplace would display a healthy CAGR and produce commendable returns.

The document provides a comprehensive analysis of the economic condition to assist stakeholders in developing effective growth strategies for their future investments. The report also provides information on well-known companies that are operating in this industry sector, including information on their business portfolios and development trends as well as key information on the market segmentations.

Request Sample Copy of this Report @ https://www.newsorigins.com/request-sample/56392

Key Information from the Database Encryption market report:

Product category:

Applications overview:

Competitive landscape:

Database Encryption Market segments covered in the report:

Regional terrain:

This Database Encryption market analysis Report Contains Answers To Your Following Questions:

Request Customization for This Report @ https://www.newsorigins.com/request-for-customization/56392

Read more from the original source:
Database Encryption Market Analysis and Demand with Forecast Overview to 2028 - NewsOrigins

PopularPeriod and Pregnancy Tracking Wearable for Women is One of Safest Cyber Security and Data Wise

SILICON VALLEY, Calif., Aug. 18, 2022 /PRNewswire/ --In early July,Bellabeatwas the first pregnancy tracker to roll out a new layer of data security to protect their base of all female end users' data in the wake of the United States Supreme Court overturning Roe Vs. Wade. Like many mobile apps, they had been using full end-to-end encryption of their Bellabeat mobile app for users of all of their Bellabeat wearable products, with end-to-end encryption being the common and secure way to protect customers' data. The company determined that to protect their health data, it is necessary to take data their security a step further without haste. As of August 17th, 2022, eighteen out of 25 reproductive health apps and wearable devices that Mozilla investigated for privacy and security practices received a*Privacy Not Includedwarning label. Bellabeat did not receive a warning label as they have been exceptionally public in immediately taking the following steps after the newest Roe vs. Wade ruling.

The newly implemented Private Key Encryption (AES-256) feature will enable all Bellabeat users to access and decrypt her data using a private key via her Bellabeat smartphone app. Any data stored on the Bellabeat servers will be in an encrypted form only. Thus, no one can access the Bellabeat servers (lawfully or unlawfully). Also, adding the extra layer of security where data stored on the company's servers cannot be read without holding an individual user's private key. The only person that can access the confidential health data and info in its decrypted form will be the Bellabeat customer herself. The private key is a password or a pin code that only the user herself knows or stores on her private device. Without that key, her data is unreadable. Ideally, implementing the new security feature gives full control and ownership of data to Bellabeat's end users. The company will therefore not be able to benefit from collecting end-user data in any shape or form, including for internal research or product improvements. Bellabeat executives determined that there was not a question in options and that users' safety at this time is of the utmost importance. The feature is currently in testing and will be rolled out within all Bellabeat products having women's' reproductive health tracking features (period and pregnancy data tracking) by end of July.

Story continues

The decision for the exceptional layer of data security comes in the wake of the U.S. Supreme Courts June 24th, 2022, ruling to overturn the landmark case Roe v. Wade, in which the Court ruled thatthe Constitution of the United States generally protects a pregnant woman's liberty to choose to have an abortion. The overturning of Roe Vs. wade now gives states a license to ban abortion. Thirteen U.S. states, mainly within the south and midwest, had trigger bans to be activated upon supreme court decision and will now start taking effect. Some immediately upon the ruling being released. As Bellabeat is a Women's health tracker with a specific focus on menstrual, reproductive, and fertility tracking, end-to-end encryption was determined to be of the utmost importance to protect the fast-growing companies' customers.

"Our business is helping women to track and understand their cycles and bodies. The Overturning of Roe Vs. Wade is a tremendous blow to women's rights. It is an incredibly sad and terrifying day for Women's health and Women's rights. Many women are now in fear of exactly what to share and where to share it. This ruling will change how health data and records are maintained offline with OBGYNs and primary care physicians, what women feel safe to disclose, and will grossly change how women will choose to share their reproductive information online. We will continue to be a safe and progressive space for women to track their cycles, fertility, and all wellness concerns," states Urska Sren Co-Founder of Bellabeat. "Incorporating the Private Key encryption feature means an extra layer of security designed to ensure our users' safety. This also means our end users can be sure that we are unable to leak or sell their data and that a breach or break within Bellabeat's servers will never mean a threat to their personal safety."

In a recentWall Street Journal articlelegal experts are quoted to say that in a scenario where Roe is overturned, your digital breadcrumbsincluding the kind that come from period trackerscould be used against you in states where laws criminalize aiding in or undergoing abortion.

"It is a horrific idea that your health data and digital breadcrumbs could be used against you to criminalize women making life-changing reproductive choices. It's not a sentiment reflected anywhere in healthcare or health rights for the male body. We stand with women everywhere and have taken the necessary steps End-to-end. We also do not sell or share our customer info," states Sandro Mur, CoFounder of Bellabeat. "The implementation of the Private Key Encryption ensures that we will never be placed in a position, as a company, where we could be forced to submit user's private health data in its readable form."

Bellabeat is a leader in creating wellness technology whose products include wearables are specifically made for women that track health, wellness, and reproductive info via The Bellabeat Ivy, Leaf Urban, and Leaf Chakra. Bellabeat is aimed exclusively at women and recently announced that they have started the process of submitting an official application to the FDA for their product, the Bellabeat Ivy. Obtaining a license from the U.S. Food and Drug Administration (FDA) would allow doctors and clinicians to officially use the Ivy wearable technology to monitor the menstrual cycle in the treatment of women. The Bellabeat Ivy is specifically made for women. In recent coverage, it has been seen as an outstanding health tracker to monitor and track a woman's menstrual cycle, fertility, postpartum depression symptoms, menopause symptoms, and more.

For media inquiries on the Bellabeat mobile app or additional quotes or interviews surroundingBellabeat data protectionupon the overturning of Roe Vs. Wade, please emailmtatum@bpm-prfirm.comor call 877.841.7244.

About Bellabeat

Bellabeat Inc. is a Silicon Valley company building tech-powered wellness products for women. The Bellabeat team previously released the Bellabeat Ivy and disruptive Leaf health tracking jewelry for women and the first smart water bottle powered by A.I. Bellabeat is now revolutionizing the FemTech space by taking natural cycles into account when creating its guided programs and Ivy Smart Bracelet, helping women reach their health goals more effectively and enjoyably. Visithttps://bellabeat.com/for additional information.

Media Contact:Monique Tatum877.841.7244342922@email4pr.com

Cision

View original content to download multimedia:https://www.prnewswire.com/news-releases/bellabeat-is-first-period-and-pregnancy-tracking-app-and-wearable-to-implement-private-key-encryption-aes-256-security-feature-to-protect-womens-data-in-the-wake-of-roe-vs-wade-overturn-301608919.html

SOURCE Bellabeat

Visit link:
Bellabeat is First Period and Pregnancy Tracking App and Wearable to Implement Private Key Encryption (AES-256) Security Feature to Protect Women's...