Category Archives: Internet Security

Enterprise Firewall Market Overview and Regional Outlook with Research Study 2019-2026 – 3rd Watch News

The Enterprise Firewall Market: Global Industry Analysis, Size, Share, Growth, Trends, and Forecast, 2015-2021 report covers all of the aspects required to gain a complete understanding of the pre-market conditions, current conditions as well as a well-measured forecast. This report also researches and evaluates the impact of the Covid-19 outbreak on the Enterprise Firewall Market, involving potential opportunities and challenges, drivers and risks. We present the impact assessment of Covid-19 effects on the Enterprise Firewall Market and a market growth forecast based on different scenarios (optimistic, pessimistic, very optimistic, most likely etc.).

Zion Market Research indicates that the global Enterprise Firewall Market is expected to surge at a steady rate in the coming years, as economies flourish. The research report provides a comprehensive review of the global market. Analysts have identified the key drivers and restraints in the overall market. They have studied the historical milestones achieved by the global Enterprise Firewall Market and emerging trends. A comparison of the two has enabled the analysts to draw a potential trajectory of the global Enterprise Firewall Market for the forecast period.

To make the research report exhaustive, the analysts have included Porter's five forces analysis and SWOT analysis. Both of these assess the path the market is likely to take by factoring in strengths, weaknesses, opportunities, and threats. The Porter's five forces analysis elucidates the intensity of the competitive rivalry and the bargaining power of suppliers and buyers. Furthermore, the research report also presents an in-depth explanation of the emerging trends in the global Enterprise Firewall Market and the disruptive technologies that could be key areas for investment.

The Leading Market Players Covered in this Report are:

Cisco Systems, Juniper Networks, Palo Alto Networks, IBM Internet Security Systems, McAfee, Fortinet Inc., WatchGuard Technologies, Huawei Technologies and Imperva Inc.

Global Enterprise Firewall Market: Segmentation

The chapters of segmentation allow the readers to understand the aspects of the market such as its products, available technologies, and applications of the same. These chapters are written in a manner to describe their development over the years and the course they are likely to take in the coming years. The research report also provides insightful information about the emerging trends that are likely to define progress of these segments in the coming years.

Competition analysis

As markets have advanced, competition has increased manifold, and this has completely changed the way competition is perceived and dealt with. In our report, we discuss the complete analysis of the competition, how the big players in the Enterprise Firewall Market have been adapting to new techniques, and the problems they are facing.

Our report which includes the detailed description of mergers and acquisitions will help you to get a complete idea of the market competition and also give you extensive knowledge on how to excel ahead and grow in the market.

Regions Covered in the Global Enterprise Firewall Market:

Strategic Points Covered in TOC:

Chapter 1: Introduction, market driving force product scope, market risk, market overview, and market opportunities of the global Enterprise Firewall Market

Chapter 2: Evaluating the leading manufacturers of the global Enterprise Firewall Market which consists of its revenue, sales, and price of the products

Chapter 3: Displaying the competitive nature among key manufacturers, with market share, revenue, and sales

Chapter 4: Presenting global Enterprise Firewall Market by regions, market share and with revenue and sales for the projected period

Chapter 5, 6, 7, 8 and 9: To evaluate the market by segments, by countries and by manufacturers with revenue share and sales by key countries in these various regions

Browse Full Report: https://www.zionmarketresearch.com/report/enterprise-firewall-market

Important Features that are under offering & key highlights of the report:

Detailed overview of Enterprise Firewall Market

Changing market dynamics of the industry

In-depth market segmentation by Type, Application etc.

Historical, current and projected market size in terms of volume and value

Recent industry trends and developments

Competitive landscape of Enterprise Firewall Market

Strategies of key players and product offerings

Potential and niche segments/regions exhibiting promising growth

A neutral perspective towards Enterprise Firewall Market performance

The classification of the global Enterprise Firewall Market is done based on the product type, segments, and end-users. The report provides an analysis of each segment together with the prediction of their development in the upcoming period. Additionally, the latest research report studies various segments of the global Enterprise Firewall Market in the anticipated period.

Thanks for reading this article; you can also get individual chapter wise section or region wise report version like North America, Europe or Asia.

Note: In order to provide a more accurate market forecast, all our reports will be updated before delivery by considering the impact of COVID-19.

(*If you have any special requirements, please let us know and we will offer you the report as you want.)

Global Internet of Things (IoT) Security Market Trends, Opportunities, Key Players, Growth, Analysis, Outlook & Forecasts To 2026 – Daily Research…

This report focuses on the global Internet of Things (IoT) Security status, future forecast, growth opportunity, key market and key players. The study objectives are to present the Internet of Things (IoT) Security development in North America, Europe, China, Japan, Southeast Asia, India and Central & South America.

The key players covered in this study

Market segment by Type, the product can be split into

Market segment by Application, split into

Market segment by Regions/Countries, this report covers

The study objectives of this report are:

To analyze global Internet of Things (IoT) Security status, future forecast, growth opportunity, key market and key players.

To present the Internet of Things (IoT) Security development in North America, Europe, China, Japan, Southeast Asia, India and Central & South America.

To strategically profile the key players and comprehensively analyze their development plan and strategies.

To define, describe and forecast the market by type, market and key regions.

In this study, the years considered to estimate the market size of Internet of Things (IoT) Security are as follows:

For the data information by region, company, type and application, 2019 is considered as the base year. Whenever data information was unavailable for the base year, the prior year has been considered.

If you have any special requirements, please let us know and we will offer you the report as you want.

1 Report Overview

1.1 Study Scope

1.2 Key Market Segments

1.3 Players Covered: Ranking by Internet of Things (IoT) Security Revenue

1.4 Market Analysis by Type

1.4.1 Global Internet of Things (IoT) Security Market Size Growth Rate by Type: 2020 VS 2026

1.4.2 Network Security

1.4.3 Endpoint Security

1.4.4 Application Security

1.4.5 Cloud Security

1.4.6 Others

1.5 Market by Application

1.5.1 Global Internet of Things (IoT) Security Market Share by Application: 2020 VS 2026

1.5.2 Building and Home Automation

1.5.3 Supply Chain Management

1.5.4 Patient Information Management

1.5.5 Energy and Utilities Management

1.5.6 Customer Information Security

1.5.7 Other

1.6 Study Objectives

1.7 Years Considered

2 Global Growth Trends by Regions

2.1 Internet of Things (IoT) Security Market Perspective (2015-2026)

2.2 Internet of Things (IoT) Security Growth Trends by Regions

2.2.1 Internet of Things (IoT) Security Market Size by Regions: 2015 VS 2020 VS 2026

2.2.2 Internet of Things (IoT) Security Historic Market Share by Regions (2015-2020)

2.2.3 Internet of Things (IoT) Security Forecasted Market Size by Regions (2021-2026)

2.3 Industry Trends and Growth Strategy

2.3.1 Market Top Trends

2.3.2 Market Drivers

2.3.3 Market Challenges

2.3.4 Porter's Five Forces Analysis

2.3.5 Internet of Things (IoT) Security Market Growth Strategy

2.3.6 Primary Interviews with Key Internet of Things (IoT) Security Players (Opinion Leaders)

3 Competition Landscape by Key Players

3.1 Global Top Internet of Things (IoT) Security Players by Market Size

3.1.1 Global Top Internet of Things (IoT) Security Players by Revenue (2015-2020)

3.1.2 Global Internet of Things (IoT) Security Revenue Market Share by Players (2015-2020)

3.1.3 Global Internet of Things (IoT) Security Market Share by Company Type (Tier 1, Tier 2 and Tier 3)

3.2 Global Internet of Things (IoT) Security Market Concentration Ratio

3.2.1 Global Internet of Things (IoT) Security Market Concentration Ratio (CR5 and HHI)

3.2.2 Global Top 10 and Top 5 Companies by Internet of Things (IoT) Security Revenue in 2019

3.3 Internet of Things (IoT) Security Key Players Head office and Area Served

3.4 Key Players Internet of Things (IoT) Security Product Solution and Service

3.5 Date of Enter into Internet of Things (IoT) Security Market

3.6 Mergers & Acquisitions, Expansion Plans

ACCESS FULL REPORT: https://courant.biz/report/global-internet-of-things-iot-security-market/41855/

About us:

Courant Market Research is a source of a well-categorised database of research reports, which offers you market research reports in the form of statistical surveying, evaluated databases and forecasting with expert researchers.

WISeKey develops WIShelter Covid-19 secured smartphone app, using digital IDs and blockchain protocols, to certify users that are not infected with…

WISeKey develops WIShelter Covid-19 secured smartphone app, using digital IDs and blockchain protocols, to certify users that are not infected with COVID-19

A Webinar organized by WISeKey on how to Help Governments, Health and Travel Organizations Deploy a WIShelter Covid-19 Trusted Digital Health Passport on the Blockchain will be held on July 23 at 3:00 PM CET (please visit - https://www.wisekey.com/wisekey-webinar/)

Geneva, July 6, 2020 - WISeKey International Holding Ltd (WISeKey, SIX: WIHN / Nasdaq: WKEY), a leading cybersecurity and IoT company, announced that its WIShelter app now includes the ability for users to upload and digitally certify the results of their COVID-19 test, facilitating international travel, as users can certify that they are not infected with COVID-19.

These functionalities will allow local governments to enable healthy/immured persons to safely return to their jobs, thus reducing the economic impact of the epidemic while protecting the high-risk population by controlling the spread of this infectious disease.

For almost two decades, WISeKey has contributed to the design and implementation of global standards for the internet's long-missing identity layer: decentralized, point-to-point exchange of information about people, organizations, or things enabled by blockchain and certified by cryptographic Root of Trust. WISeKey's technology, products and services can be used by individuals and organizations.

The app now includes a WISeID Health Card with important medical details like blood type, allergies, and other medical conditions, and can be enriched with digital health certificates, as is the case for the result of an official COVID-19 test.

This simple method to display the Health Card could allow law enforcement and other public services to apply controls during the de-escalation phase of the pandemic.

All health details are encrypted and linked to the user's identity, represented by a Digital Certificate. Encrypting this data is important to protect users' confidential information and to ensure that the user is staying up-to-date with their health credentials, and is in compliance with all privacy requirements, like the European General Data Protection Regulation (Directive 95/46/EC), known as GDPR, the primary law regulating how companies protect EU citizens' personal data. WISeKey is a fully Qualified Trust Service Provider (TSP) under eIDAS, the updated EU regulations dealing with trusted eID and electronic transactions and Webtrust.ORG.

Blockchain-based solutions aim to override the need for a central authority by distributing information previously held in a centralized repository across a network of participating nodes. While Blockchain is not owned by one individual or organization, anyone with an internet connection (and access, in the case of private Blockchains) can make use of it, help maintain and verify it. When a transaction is made on a Blockchain, it is added to a group of transactions, known as blocks. Each block of transactions is added to the database in a chronological, immutable chain. Each block is stamped with a unique cryptographic code, which ensures that records are not counterfeited or changed. The Blockchain approach lacks legal validity in most jurisdictions, which only recognize digital signatures as being as valid as manuscript signatures when generated using traditional PKI technology.

Using their digital identity secured by WISeKey, users will be able to geo-localize other certified users and establish secure communications. If needed, the app allows users to prove to local authorities that they are respecting the stay-at-home recommendations. To ensure data privacy, each user's Personally Identifiable Information is kept encrypted and never disclosed without their consent.

The WIShelter app is based on WISeID, WISeKey's Digital Identity platform, and combines in a unified solution a suite of web services and mobile applications:

The new features of the WIShelter app include a full health digital certificate that is imported into the app by connecting it to the medical record of the patient issued by a bona fide qualified health certification program which doctors and medical facilities can join.

The WISeID Health Card includes important medical details like blood type, allergies, and other medical conditions, and can be enriched with digital health certificates, as is the case for the result of an official COVID-19 test.

WISeKey is currently working with several governments and health organizations to add functionalities to the WIShelter app such as the ability for users to upload and digitally certify the results of their COVID-19 test. These functionalities will allow local governments to enable healthy/immured persons to safely return to their jobs, thus reducing the economic impact of the epidemic while protecting the high-risk population by controlling the spread of this infectious disease.

To that effect, WISeKey has launched an enhanced version of WISeID, adding easy-to-use strong authentication and email security capabilities that can remediate threats like phishing, ransomware or identity theft. Strong Authentication is a mechanism able to enhance security by complementing the traditional username/password access to online services with additional security factors, like biometry, hardware tokens and one-time passwords. Additionally, secure email techniques allow confidential messages to be exchanged encrypted, and a digital signature to be affixed to the outgoing email, assuring the recipient that the message comes from a genuine person and has not been manipulated in transit.

About WISeKey

WISeKey (NASDAQ: WKEY; SIX Swiss Exchange: WIHN) is a leading global cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT respecting the Human as the Fulcrum of the Internet. WISeKey microprocessors secure the pervasive computing shaping today's Internet of Everything. WISeKey IoT has an install base of over 1.5 billion microchips in virtually all IoT sectors (connected cars, smart cities, drones, agricultural sensors, anti-counterfeiting, smart lighting, servers, computers, mobile phones, crypto tokens etc.). WISeKey is uniquely positioned to be at the edge of IoT as our semiconductors produce a huge amount of Big Data that, when analyzed with Artificial Intelligence (AI), can help industrial applications to predict the failure of their equipment before it happens.

Our technology is trusted by the OISTE/WISeKey's Swiss-based cryptographic Root of Trust (RoT), which provides secure authentication and identification, in both physical and virtual environments, for the Internet of Things, Blockchain and Artificial Intelligence. The WISeKey RoT serves as a common trust anchor to ensure the integrity of online transactions among objects and between objects and people. For more information, visit www.wisekey.com.

Press and investor contacts:

Disclaimer: This communication expressly or implicitly contains certain forward-looking statements concerning WISeKey International Holding Ltd and its business. Such statements involve certain known and unknown risks, uncertainties and other factors, which could cause the actual results, financial condition, performance or achievements of WISeKey International Holding Ltd to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. WISeKey International Holding Ltd is providing this communication as of this date and does not undertake to update any forward-looking statements contained herein as a result of new information, future events or otherwise.

This press release does not constitute an offer to sell, or a solicitation of an offer to buy, any securities, and it does not constitute an offering prospectus within the meaning of article 652a or article 1156 of the Swiss Code of Obligations or a listing prospectus within the meaning of the listing rules of the SIX Swiss Exchange. Investors must rely on their own evaluation of WISeKey and its securities, including the merits and risks involved. Nothing contained herein is, or shall be relied on as, a promise or representation as to the future performance of WISeKey.

Cryptocurrencies Adding to the Safety and Security in the UK Gambling Industry – London Post

These are exciting times for the UK gambling industry. The impact of internet technology is now being felt, with online gambling now controlling the industry. The adoption of cutting-edge technology is responsible for the boom in the industry. From live casinos and mobile apps to artificial intelligence, incredible trends continue shaping the gambling industry.

However, it is the rise of cryptocurrency casinos that seeks to redefine UK gambling. Many operators now include crypto coins such as bitcoin, Ethereum and Litecoin as part of their banking methods. Others offer exclusive bitcoin payments and promotions based on digital tokens.

This revolutionary trend has a huge impact due to enhanced safety and security on these platforms. Players looking for peace of mind when playing online now opt to use cryptocurrencies.

This post looks at how cryptos guarantee the safety and security of players at online casinos.

There's a lot of talk about cryptocurrency, yet many people, especially in the UK, haven't embraced this payment method. In simple terms, cryptocurrency is a peer-to-peer form of payment for internet users. Bitcoin was the first cryptocurrency and after its launch in 2009, hundreds of other digital currencies have emerged.

A cryptocurrency such as bitcoin represents value. It is a digital asset just like fiat currency, only that there's no centralized regulatory authority. At the core of crypto transactions is cryptography, which guarantees every transaction is recorded and the users remain anonymous. This new form of payment works on a distributed public ledger (blockchain) to ensure all transactions are updated by currency holders.

In the case of casinos, you'll need to create a crypto wallet to store your digital tokens. Once you open a casino account, you can transfer any amount of crypto coins to your account to start playing.

Such transactions don't require your personal data but an exchange of unique and one-off bitcoin addresses. At the same time, such transactions go to the public ledger, which maintains transparency. At no point does the trail of cryptocurrency run cold and this offers a layer of protection for casino players.

The future-proof online casino is one that has invested heavily in new technology and also embraces innovations such as cryptocurrency. Such platforms attract more players as safety and security are primary considerations when using any online services.

Many people want to play at online casinos without leaving any trail. Using credit, debit cards or bank transfers when making payments at casinos leaves a footprint and also poses a risk for players.

Cryptocurrency casinos don't require banking details or any personal data. Once you provide the bitcoin address, you can receive your winnings instantly. The same applies to casino deposits. By avoiding any exchange of personal information, gambling operators provide a safer experience. You don't have to worry about loss of your data to fraudsters.

If you have always feared to play at online casinos, it's time to try cryptocurrency gambling. This is the future of casino payments as it guarantees anonymity and security. With rising concerns over internet security, the use of bitcoin and other cryptos continues to alter the digital gambling landscape.

Voice recordings from domestic violence alerting app exposed on the internet – Security Boulevard

On the face of it, it sounded like a good idea.

A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button.

That was the idea behind the free Aspire News App, launched some years ago by When Georgia Smiled, a US non-profit founded by Robin McGraw and her husband, US TV star Dr Phil, to help victims of domestic violence and sexual assault.

To be honest, that still sounds like a good idea to me, if the app is coded well, and if any data it collects is properly secured.

But what isn't a good idea is for voice recordings made by the app to be left exposed on an unsecured Amazon Web Services (AWS) S3 bucket, allowing anyone with internet access to download them and listen if they so wish.

According to security researchers at VPN Mentor, who found the exposed data, over 4,000 voice recordings of emergency messages left by victims of domestic violence were available to access, no password required.

Some of the 230MB worth of recordings included personally identifiable information such as names, home addresses, as well as the identities of violent abusers.

Transcripts of just two of the recordings that were exposed reveal the seriousness of the situation:

[Full Name] is threatening or hurting me. Please send help now. [Full address]

and

Please call the police right away and have them come to [Full Address]. I am in great danger. I need you to send the police right away, please

Potentially, if the information fell into the wrong hands it could not only expose people who did not want the data revealed at the risk of extortion, but it could also put victims in greater physical danger if their abuser found out.

The researchers attempted to reach out to When Georgia Smiled and the Dr. Phil Foundation to get the serious data breach fixed last Wednesday, but ultimately it took the involvement of AWS itself to get the unsecured web bucket shut down.

So, that's a happy end to the story, right?

Well, perhaps not.

You see, a security failure like this could lead to victims of domestic abuse losing confidence in Aspire News App. If they do not feel safe any longer using the app, they may find it harder to escape abusive relationships safely.

That clearly wasn't what Dr Phil and his wife Robin McGraw wanted; the Aspire News app was supposed to help people escape dangerous situations, not make it even harder to find a way out.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: https://hotforsecurity.bitdefender.com/blog/voice-recordings-from-domestic-violence-alerting-app-exposed-on-the-internet-23609.html

Cascading Security Through the Internet of Things Supply Chain – Lawfare

The internet of things (IoT) has been insecure since the first connected refrigerator woke up and asked for more milk. But while having your fridge hacked seems at best amusing and at worst inconvenient, the nightmare scenario is a matter of national security. Imagine hundreds of thousands of smart refrigerators, all with the same default password, hacked to direct a flood of web traffic against key internet servers, paralyzing them. Swap smart fridges for security cameras and DVD players, and you have the Dyn cyberattack of 2016.

At the heart of most home networks, and many industrial ones, is the humble wireless router. The security of these popular hubs is a prominent concern because they form the core of IoT networks. Against the steady drumbeat of major security flaws disclosed in the code running these devices (including several in just the past month), researchers have seen little progress in router security over the past 15 years. Serious vulnerabilities in home Wi-Fi routers can open the door for attackers to gain access to local networks and other connected systems. As the U.S. faces a surge of attacks exploiting the widespread uncertainty and confusion wrought by the coronavirus pandemic, these concerns have become all the more urgent.

Routers exemplify the challenges for IoT security: widening dependence, poor security practices, and manufacturers based around the world beyond the reach of a single jurisdiction.

This issue of jurisdiction is critical. Even with a clear security framework for manufacturers, supported by the kind of congressionally backed enforcement proposed by the U.S. Cyberspace Solarium Commission, most manufacturers in this market are based outside the United States. The IoT supply chain is global, and any policy solution must account for this fact.

In a new paper, we propose to leverage these supply chains as part of the solution. Selling to U.S. consumers generally requires that IoT manufacturers sell through a U.S. subsidiary or, more commonly, a domestic distributor like Best Buy or Amazon. The Federal Trade Commission can apply regulatory pressure to this distributor to sell only products that meet the requirements of a security framework developed by U.S. cybersecurity agencies. That would put pressure on manufacturers to make sure their products are compliant with the standards set out in this security framework, including pressuring their component vendors and original device manufacturers to make sure they supply parts that meet the recognized security framework.

Companies are asking for testable IoT standards that would help them accurately and consistently communicate the safety of the products they sell to customers. Distributors like Target already have internal processes in place to ensure that all products on their shelves comply with relevant safety and quality standards. Efforts like the recent NIST Internal Report 8259 are good candidates for such a framework, preventing the Federal Trade Commission from having to endorse or promulgate its own standards. Other examples, like the Japanese governments IoT Security Safety Framework, evince welcome concern about the issue but, at present, are too abstract to be enforceable on manufacturing and design processes.

Additionally, a national labeling scheme would help distributors identify compliant products and provide a pathway for consumer pressure on manufacturers. One recent survey found 87 percent of consumers believe it is the manufacturers responsibility to secure their IoT products. A labeling scheme would provide another pathway for that sentiment to shape the marketplace. The Cyberspace Solarium Commissions recommendation for a National Cybersecurity Certification and Labeling Authority would help concentrate market information about good security practices and provide accessible ratings to users. Last month, Carnegie Mellons CyLab demonstrated a prototype IoT security labeling scheme, based on several years of work meant to condense key security measures into a concise set of words and images.

These policy tools are not limited to the United States. Earlier this year, Singapore unveiled its own plan for such a labeling scheme for Wi-Fi routers and smart home products, an encouraging sign that this could be a feasible way to remove poorly secured IoT devices from the global market. The U.K.s Code of Practice presents a similar opportunity to hold retailers and distributors accountable for products they sell, offering 13 security guidelines for IoT manufacturers and service providers. Following a public consultation in 2019, the U.K. government explored a mandatory security labeling scheme, as well as an outright ban of the sale of products that do not adhere to the top three guidelines: no default passwords, implementation of a vulnerability disclosure policy, and regular software updates backed by an end-of-life policy. Building on the U.K.s work, the European Telecommunications Standards Institute (ETSI) launched its consumer IoT security standard last year, while the EU Agency for Cybersecurity published its Good Practices report outlining baseline security recommendations for the IoT. A proposal from Australias IoT Alliance for an independent certification scheme, called Trust Mark, would provide the kind of security labeling we call for.

Any of these efforts could provide an effective candidate for an international security framework, especially if harmonized with a U.S. standard. Cross-national coordination with other countries that have major markets for IoT products is crucial for preventing jurisdiction hopping by manufacturers. Europe is an important partner for such cooperation, given the EU's recent focus on security standards and certification.

The poor state of IoT security is nothing new, but the growing array of policy initiatives and security standards to address it is a welcome sign. It would be a genuine loss for the public interest if these efforts floundered due to jurisdictional boundaries and the limitations of domestic enforcement. Establishing and harmonizing security standards across borders is an important step toward a more secure IoT ecosystem. The IoT supply chain has so far been a channel for risk into our homes. We can use that same channel to push security back up through the supply chain.

Read the original post:
Cascading Security Through the Internet of Things Supply Chain - Lawfare

How to Build the Right Security Assessment – Security Boulevard

While ISO/IEC 27000, the NIST Cybersecurity Framework, the Shared Assessment SIG, Cloud Security Alliance CAIQ, the Center for Internet Security Top 20 and other standards now prevail in the cybersecurity industry, the third-party risk management discipline is still fragmented in its methods. Security risk in the supply chain has increased exponentially given complex, often global supplier networks, mounting cyberthreats and increased government regulations.

In trying to keep up, companies have implemented lengthy vendor assessments that regularly prove burdensome for their internal teams to manage. They're also onerous for suppliers, which must respond to similar questions asked in slightly different ways by every company they sell to. That muddies data collection and makes a consistent cross-industry evaluation difficult to impossible.

For instance, during some recent research exploring hundreds of security assessment questions, my firm discovered 10 iterations of a basic question asking if a supplier conducts penetration testing! Considering questionnaires can have hundreds of questions, it's easy to see the scope of the challenge.

A natural response would be to seek a set of standards for use in creating and implementing third-party risk assessment instruments. For example, the Shared Assessments Program, a global membership organization focused on best practices for third-party risk assurance, has created a useful tool with its Standardized Information Gathering (SIG) Shared Assessment. The SIG offers a great starting place for assessing risk management across 18 service provider business domains, using a common taxonomy for hundreds of questions.

The benefit of this and similar resources is that they are created by experts who evaluate a huge set of questions, intake a breadth of third-party risk management expertise and codify it. They apply an industry-agnostic, global perspective. They also continually update question banks as new information is uncovered and analyzed. Because it's their core business mission, the output is high-quality, comprehensive and likely better than any company could do on its own.

As valuable as this resource can be, organizations still often modify standard SIG questions to apply their own terminology or otherwise adjust them to meet their specific risk appetite. That exacerbates the inconsistency problem.

The pentesting question dilemma is a prime example. Assessment questionnaires not aligned to a standard framework require those completing the assessment to stop, read, understand and interpret a question for any nuance contained in it. Perhaps there's even a follow-up question included. This takes time and may actually increase errors.

Instead, given the availability of rich standardized tools and expertise, it's far more efficient for all concerned if organizations customize the way they apply standardized questions, mapping them back to their specific organizational risk threshold. For instance, think through which of the 18 SIG domains applies to your unique situation and select standard questions that align to your corresponding areas of risk. There are hundreds to choose from.

For those who insist that customized questions are necessary, consider standing in the vendor's shoes. Read your entire assessment questionnaire and honestly consider your reaction if you were told to complete it. If you're not willing to fill it out, it's the wrong thing to be sending.

What's more, the vendor cost burden is already prohibitive. Buyers who make the process too complex and consequently too expensive stand to drive away the best vendors, which will look for paths of less resistance. Those that do stay with you will pass the costs back to you in some other form.

It ultimately comes down to time, cost and sanity. Given the extensive supply chains that so many businesses depend on, yesterday's system no longer works. Third-party security assessments will remain a critical part of effectively managing the security risk that's inherent in the supply chain, but critical doesn't have to be complicated. Instead of recreating the wheel, embracing tools already available will help all of us reach the same objectives, improve efficiencies and secure the interdependent global business ecosystem.

Read the original post:
How to Build the Right Security Assessment - Security Boulevard

The lack of women in cybersecurity puts us all at greater risk – The Next Web

Women are highly underrepresented in the field of cybersecurity. In 2017, women's share in the U.S. cybersecurity field was 14%, compared to 48% in the general workforce.

The problem is more acute outside the U.S. In 2018, women accounted for 10% of the cybersecurity workforce in the Asia-Pacific region, 9% in Africa, 8% in Latin America, 7% in Europe and 5% in the Middle East.

Women are even less well represented in the upper echelons of security leadership. Only 1% of female internet security workers are in senior management positions.

I study online crime and security issues facing consumers, organizations and nations. In my research, I have found that internet security requires strategies beyond technical solutions. Women's representation is important because women tend to offer viewpoints and perspectives that are different from men's, and these underrepresented perspectives are critical in addressing cyber risks.

The low representation of women in internet security is linked to the broader problem of their low representation in the science, technology, engineering and mathematics fields. Only 30% of scientists and engineers in the U.S. are women.

The societal view is that internet security is a job that men do, though there is nothing inherent in gender that predisposes men to be more interested in or more adept at cybersecurity. In addition, the industry mistakenly gives potential employees the impression that only technical skills matter in cybersecurity, which can give women the impression that the field is overly technical or even boring.

Women are also generally not presented with opportunities in information technology fields. In a survey of women pursuing careers outside of IT fields, 69% indicated that the main reason they didn't pursue opportunities in IT was because they were unaware of them.

Organizations often fail to try to recruit women to work in cybersecurity. According to a survey conducted by IT security company Tessian, only about half of the respondents said that their organizations were doing enough to recruit women into cybersecurity roles.

Gender bias in job ads further discourages women from applying. Online cybersecurity job ads often lack gender-neutral language.

Boosting women's involvement in information security makes both security and business sense. Female leaders in this area tend to prioritize important areas that males often overlook. This is partly due to their backgrounds. Forty-four percent of women in information security fields have degrees in business and social sciences, compared to 30% of men.

Female internet security professionals put a higher priority on internal training and education in security and risk management. Women are also stronger advocates for online training, which is a flexible, low-cost way of increasing employees' awareness of security issues.

Female internet security professionals are also adept at selecting partner organizations to develop secure software. Women tend to pay more attention to partner organizations' qualifications and personnel, and they assess partners' ability to meet contractual obligations. They also prefer partners that are willing to perform independent security tests.

Increasing women's participation in cybersecurity is a business issue as well as a gender issue. According to an Ernst & Young report, by 2028 women will control 75% of discretionary consumer spending worldwide. Security considerations like encryption, fraud detection and biometrics are becoming important in consumers' buying decisions. Product designs require a trade-off between cybersecurity and usability. Female cybersecurity professionals can make better-informed decisions about such trade-offs for products that are targeted at female customers.

Attracting more women to cybersecurity requires governments, nonprofit organizations, professional and trade associations and the private sector to work together. Public-private partnership projects could help solve the problem in the long run.

One example is Israel's Shift community, previously known as the CyberGirlz program, which is jointly financed by the country's Defense Ministry, the Rashi Foundation and Start-Up Nation Central. It identifies high school girls with aptitude, desire and natural curiosity to learn IT and helps them develop those skills.

The girls participate in hackathons and training programs, and get advice, guidance and support from female mentors. Some of the mentors are from elite technology units of the country's military. The participants learn hacking skills, network analysis and the Python programming language. They also practice simulating cyber-attacks to find potential vulnerabilities. By 2018, about 2,000 girls participated in the CyberGirlz Club and the CyberGirlz Community.

In 2017, cybersecurity firm Palo Alto Networks teamed up with the Girl Scouts of the USA to develop cybersecurity badges. The goal is to foster cybersecurity knowledge and develop interest in the profession. The curriculum includes the basics of computer networks, cyberattacks and online safety.

Professional associations can also foster interest in cybersecurity and help women develop relevant knowledge. For example, Women in Cybersecurity of Spain has started a mentoring program that supports female cybersecurity professionals early in their careers.

Some industry groups have collaborated with big companies. In 2018, Microsoft India and the Data Security Council of India launched the CyberShikshaa program in order to create a pool of skilled female cybersecurity professionals.

Some technology companies have launched programs to foster women's interest in and confidence to pursue internet security careers. One example is IBM Security's Women in Security Excelling program, formed in 2015.

Attracting more women to the cybersecurity field requires a range of efforts. Cybersecurity job ads should be written so that female professionals feel welcome to apply. Recruitment efforts should focus on academic institutions with high female enrollment. Corporations should ensure that female employees see cybersecurity as a good option for internal career changes. And governments should work with the private sector and academic institutions to get young girls interested in cybersecurity.

Increasing women's participation in cybersecurity is good for women, good for business and good for society.

This article is republished from The Conversation by Nir Kshetri, Professor of Management, University of North Carolina Greensboro, under a Creative Commons license. Read the original article.

Excerpt from:
The lack of women in cybersecurity puts us all at greater risk - The Next Web

Apple may have just changed a key part of how the internet works – TechRadar

A central part of the system keeping the internet secure looks set to change for good thanks to a decision made months ago by Apple.

The company declared in February 2020 it would start accepting a new default lifespan of 398 days for TLS certificates - the encryption service that protects web data - going against the existing system set by the Certificate Authority industry.

Now, Google and Mozilla are set to follow suit, meaning the companies behind three of the leading browsers on the market today are changing the way internet security operates.

Back in February, Apple said that it would be reducing the maximum allowed lifetimes of TLS server certificates of its own accord. The company said that doing so would help improve web security for its users, as this would help weed out bad or insecure TLS certificates which had been affected by cybercrime or malware.

However, Apple's actions go against precedents set down by the CA/B Forum, an industry body made up of representatives from browsers and Certificate Authorities (CAs) alike, and the organisation that usually dictates these lifespans.

CAs are the companies that issue TLS certificates, the lifespans of which have increasingly shortened in recent years as the need for greater online security grows.

When first introduced, TLS lifespans were eight years long, before gradually falling to two years under pressure from tech firms. With more sites being hit by cyberattacks, and the sheer number of websites across the internet continuing to grow exponentially, the need for flexible and effective TLS certificates to keep pages secure is greater than ever.

Securing websites with HTTPS systems goes a long way to ensuring these protections stay in place, but Apple, Mozilla and Google hope that combining this with shorter TLS certificates might make the job of a hacker harder than before.

The issue now seems decided, with individual CA providers protesting but unable to do much about the stance of Apple and its fellow tech firms.

So from September 1 2020, users may start to see more HTTPS errors in their browser, but can be reassured that this should mean their connections are arguably more secure - at least in Apple's eyes.
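For operators who want to know which of their certificates the 398-day cap affects, the following added example (not code from the article or from Apple) audits an inventory of certificate validity dates in the format returned by Python's `ssl.SSLSocket.getpeercert()`. The hostnames and dates are constructed; treating certificates issued before the cutoff as exempt, placing the cutoff at midnight GMT, and counting the validity period inclusively (RFC 5280) in 86,400-second days are assumptions of this example.

```python
import math
import ssl

MAX_VALIDITY_DAYS = 398      # cap reported in the article
SECONDS_PER_DAY = 86_400     # assumption: a "day" is exactly 86,400 seconds
# Start date reported in the article; midnight GMT is an assumption of this example.
CUTOFF = ssl.cert_time_to_seconds("Sep  1 00:00:00 2020 GMT")

# Constructed sample inventory: host -> the two date fields of a getpeercert() dict.
INVENTORY = {
    "legacy.example.test": {"notBefore": "Mar 10 00:00:00 2020 GMT",
                            "notAfter": "Jun 12 23:59:59 2022 GMT"},
    "shop.example.test":   {"notBefore": "Sep  1 00:00:00 2020 GMT",
                            "notAfter": "Oct  3 23:59:59 2021 GMT"},
    "api.example.test":    {"notBefore": "Sep  1 00:00:00 2020 GMT",
                            "notAfter": "Oct  4 00:00:00 2021 GMT"},
    "long.example.test":   {"notBefore": "Nov 15 12:00:00 2020 GMT",
                            "notAfter": "Nov 15 12:00:00 2022 GMT"},
}


def audit_certificate(cert):
    """Return the validity length and a status for one certificate record."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after < not_before:
        raise ValueError("notAfter precedes notBefore")

    # RFC 5280 defines the validity period as notBefore through notAfter,
    # inclusive, so both endpoint seconds count: add one second.
    validity_seconds = not_after - not_before + 1
    validity_days = math.ceil(validity_seconds / SECONDS_PER_DAY)

    if not_before < CUTOFF:
        status = "exempt"        # assumption: issued before the cutoff, cap not applied
    elif validity_seconds > MAX_VALIDITY_DAYS * SECONDS_PER_DAY:
        status = "too_long"      # would be rejected under the 398-day cap
    else:
        status = "ok"
    return {"validity_days": validity_days, "status": status}


def audit_inventory(inventory):
    """Audit every host in the inventory and return host -> result."""
    return {host: audit_certificate(cert) for host, cert in inventory.items()}


if __name__ == "__main__":
    for host, result in audit_inventory(INVENTORY).items():
        print(f"{host:22} {result['validity_days']:4d} days  {result['status']}")
```

The `api.example.test` record shows the boundary case: a `notAfter` exactly 398 days after `notBefore` is one second over the cap once both endpoints are counted.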

Via ZDNet

Original post:
Apple may have just changed a key part of how the internet works - TechRadar

Indians most concerned about identity theft – Fortune India

How can businesses take advantage of these findings? What can companies do to ensure that they are protecting themselves in this new work from home (WFH) environment?

Seshadri: Businesses can leverage these insights to understand what matters to their consumers and act where it makes a difference. They can also leverage these findings to identify potential gaps in their efforts to secure their data and infrastructure and take necessary action.

For instance, the survey found that only 32% of people were seriously concerned about a data breach while working remotely, reflecting a false sense of security. This certainly puts the onus on organisations to secure their data and assets from malicious attacks which are so rampant now. There are a few things that companies can do to ensure they are protecting themselves in this new WFH environment:

Reduce dependence on VPNs: Make it easier for employees to be secure when connecting from home, and that means less use of old-style VPNs that don't scale and aren't suited for the Covid era. Companies should embrace a zero-trust approach and technology, including always-on encrypted direct access, identity verification tools, and a software-defined perimeter to limit the damage from malware getting in.

Empower employees to manage the risks of a WFH environment: Employees are a critical link in the security net of any company and it is important that we empower them with the right knowledge and skill sets to combat the threats of a WFH world.

Leverage technologies like biometrics to enhance security: It is time to explore technologies such as biometrics to extend safety precautions in the age of work from home. Firms can equip their employees with additional security controls such as multi-factor authentication, or even biometric logins such as facial recognition or fingerprint scans, which are not as easy to breach as some of the more traditional approaches.

Leverage emerging technologies and approaches to fortify the security ecosystem: Companies should look at how they can embed technologies like artificial intelligence and machine learning into their security ecosystem to improve their cyber posture. They should also embrace approaches like microsegmentation to strengthen their security posture.

Prepare for an attack: Cyberattacks are considered a matter of when and not if, given the level of sophistication of cyber threats. Reducing the attack surface via approaches like microsegmentation could go a long way in protecting corporate data and systems. Organisations should also look beyond winning with security and focus on resilience and trust as this could be the difference between whether an organisation recovers or not after a cyberattack.

How can individuals protect themselves from identity theft?

Seshadri: The survey revealed that identity theft is the topmost security concern in India with 83% of people being concerned about it. For the past four years, identity theft has remained the top concern among consumers globally as well. One reason for this is the high threat recognition and clear potential impact that identity theft has among consumers. Identity theft is often associated with financial crimes, illegal immigration, terrorism, espionage and blackmail, making people seriously concerned about the issue.

Individuals need to stay cautious and work harder to stay safe in this new environment, whether working from home or just sharing and interacting more online. Here are a few tips that will help:

* Be aware of the IT security policies and procedures of their organisation. In case they are using personal hardware or downloading software for work, it is recommended that they seek approval from their IT department

* Update passwords on hardware such as cable boxes and internet modems regularly and not share any passwords with anyone

* Install all applicable software patches and updates to keep their personal and official devices secure. This has to be done on an ongoing basis

* Trust their intuition and ignore suspicious calls or emails that ask for personal information

* Verify all hyperlinks by examining the domain in the URL and using online search engines to verify links independently

* Secure their hardware by updating to the latest firmware and checking the brand and model for security risks

* Protect their video calls by using new links and making sure meetings are password protected

What should individuals, businesses, and governments do to increase security?

Seshadri: The results of the index prompt us to suggest actions that individuals, businesses, and governments should take to increase security:

Individuals: They need to be more aware of the security threats in a remote working environment and never drop their guard. They must follow IT security guidelines to secure their personal data and organisational data that they deal with as part of their work.

Enterprises and governments: They need to take actions to increase security and address the security concerns cited by consumers. This could include:

* Adopting a zero-trust security model in their organisations that assumes all network traffic is a potential threat

* Not neglecting security basics like standard password protection and employee education

* Approaching security with clients, customers, and constituents in mind

* Collaborating with business partners to address common challenges

Governments also have a role to play in creating and implementing regulatory frameworks that address the concerns raised and ensure greater security for individuals and businesses.

See original here:
Indians most concerned about identity theft - Fortune India