Category Archives: Internet Security
Ransomware attacks and the future role of the CISO – teissTalk – TEISS
On 18 May, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity experts in a wide-ranging discussion that covered government actions, ransomware attacks and the future of the CISO.
You can access a video of the discussion here.
Will Joe Biden's new cybersecurity executive order change the IT landscape?
The executive order, even if its impact is mostly limited to federal institutions and their contractors, is a milestone in cybersecurity legislation. Thanks to major ransomware attacks against key US infrastructure and the Vice President's advocacy of reasonable security and compliance with CIS (Centre for Internet Security) controls going back to her days as Attorney General in California, the Biden administration is expected to have the fight against cyber-attacks at the top of its legislative and law-enforcement agenda.
The fact that the executive order talks about IoT security standards also suggests that we're witnessing a watershed moment. Although the executive order's main objective is to make federal institutions and their supply chains more transparent, it's very unlikely to leave the rest of the private sector intact in the long run.
Mandatory disclosure of data breaches and hacks has already been around in critical industries such as pharmaceuticals and healthcare. Now, as a result of the executive order, an even wider circle of institutions and private enterprises will need to comply.
Internet providers can also play a more prominent role in fighting cybercrime in the future by blocking internet traffic coming from rogue states and known threat actors.
Governments, automation and people: the three pillars of cyber-defence
Ransomware attacks were originally driven by financial gain. However, as the number of incidents disrupting critical infrastructure and threatening human lives is growing fast, it increasingly needs to be seen as a form of cyberterrorism. As the perpetrators of cybercrime are often financed or even commissioned by nation states, governments of western democracies have recently taken a firmer stance on putting up a fight against them.
The UK's Integrated Defence Review published in March reserves the right to use nuclear weapons against emerging technologies that could have a comparable impact to chemical, biological or other nuclear weapons, although it's not completely clear whether this was meant to cover cyber-attacks.
Meanwhile, in a statement, the US administration didn't rule out authorising a kinetic response, or, in other words, active warfare in the event of a large-scale cyber-attack by a nation state.
Attribution, however, is much trickier in the case of cyber-attacks than in traditional warfare, therefore, in order to avoid escalation and a potential cyber war, retaliation must be only the very last resort.
The current situation, where private businesses need to defend themselves against national threat actors without the support of the state, is unprecedented. Therefore, what the business sector needs to better tackle cyber threats is a more active cyber-defence posture adopted by their governments.
There have already been examples in the past when governments provided protection for private enterprises to ensure the uninterrupted flow of global trade on the Mediterranean or the Atlantic. Businesses need a similar kind of support now in cyberspace.
Although for medium-size and small businesses the scope for cyber defence is much more limited for lack of human and financial resources, automation and the use of secure software and multi-factor identification can go a long way.
As about 85 per cent of all breaches start with an employee clicking on an attachment or link that they shouldn't, taking the human element out of the cyber threat equation is key. With the number of breaches in the cloud exceeding those on premises for the first time ever, cloud security is another area that needs to get to the forefront of the fight against cybercrime.
What will the CISO of the future be like?
The role of the CISO has been changing a lot over time. Originally the CISO was seen as a compliance and risk guru. Forrester has established five more types of CISOs (transformational, post-breach, tactical/operational, steady state and customer-facing evangelist), which will probably whittle down to no more than two or three as the role gets more mature.
Demonstrating some self-deprecating humour, CISOs sometimes refer to themselves as a Crisis-Induced Sacrificial Officer, which points to the irony that people fulfilling this role are often held responsible for incidents which are beyond their control.
In the future, CISOs will probably have more leverage and will increasingly report directly to the board. For this relatively new role to get more established, CISOs need to see and evaluate their own performance through the eyes of CEOs, asking themselves how many customers their efforts helped the business to attract and retain.
teissTalk host Jenny Radcliffe was talking to Kathleen Mullin, Chief Information Security Officer, Healthmap Solutions; Paul Raines, Chief Information Security Officer, United Nations Development Programme; Ian Hill, Global Director of Cybersecurity, Royal BAM Group; and Steve Moore, Vice President and Chief Security Strategist, Exabeam.
NCSC chief: Ransomware is more of a threat to Britain than hostile nations’ spies – The Register
Forget foreign spies. The head of Britain's National Cyber Security Centre (NCSC) has warned it is ransomware that's the key threat for most people.
"What I find most worrying isn't the activity of state actors," NCSC chief exec Lindy Cameron told a national security audience, joining the chorus of organisations calling out ransomware criminals as the number one cybersecurity threat of the moment.
The speech marks the first time that GCHQ, the spy agency and parent body of the National Cyber Security Centre, has acknowledged a cyber threat as being of more concern to the UK than traditional state spying.
"Four nation states – China, Russia, North Korea, and Iran – have been a constant presence in recent years. And as I've said before, we face a determined, aggressive Russia, seeking traditional political advantage by new, high-tech means," said Cameron.
The NCSC's chief exec was giving defence think tank the Royal United Services Institute's (RUSI) Annual Security Lecture, which took place in between the G7 leaders' summit in Cornwall. The summit itself saw Russia named and shamed for harbouring ransomware criminals ahead of the first meeting between US president Joe Biden and Russian leader Vladimir Putin this week. Biden is expected to raise the problem of ransomware gangs with his opposite number.
Speaking to RUSI's audience of military officers, espionage officials and political policy wonks, Cameron described the structure of the current ransomware ecosystem – the omnipresent as-a-service model – and noted: "They may identify embarrassing or business-sensitive material that they can threaten to leak or sell to others. And they might even research your cyber insurance policy to see if you're covered to pay ransoms."
The US FBI's recent success in recovering a cryptocurrency ransom paid by the Colonial Pipeline Company from ransomware crew Darkside is a very rare one.
Cameron's speech highlighted what the British government is doing to tackle not only ransomware but national cybersecurity weaknesses as a whole – starting to break from protecting only itself to taking an interest in the security of taxpaying businesses and private citizens alike.
"In some respects, our response to ransomware is straightforward: we need to continue to build the UK's cyber resilience so that attacks cannot reach their targets in the first place," said Cameron, highlighting her organisation's guidance on how not to get pwned by internet crooks. This is targeted at SMEs and bigger companies alike, including large sections in simple words for executives and non-technical managers to digest.
"It's about preparing, planning, exercising all the way up to board level, working on the assumption that a cybercriminal will be as interested in your weaknesses as a burglar in your open window," she added.
But on top of the cybersecurity hygiene practices, with which Register readers will be well familiar, there's what Cameron described in her speech as the "whole-of-nation approach" to tackling the ransomware menace. She also mentioned "the cyber insurance industry, which has a role to play in bearing down on the payment of ransoms and cryptocurrency entities who facilitate suspicious transactions."
Britain's interventionist approach to cybersecurity includes a new law giving politicians the power to block mergers and acquisitions of British companies by halting "potentially hostile foreign direct investment." The last few months have seen the Conservative government boasting of market interventions that would have Adam Smith spinning in his grave.
Yet perhaps conscious of the huge role played by private industry in securing British businesses, Cameron gave it an unusual public nod, saying: "The government can't do this alone. We will continue to take a whole-of-society approach to improving the cyber resilience of the UK. Industry, academia, and civil society all have a role to play."
Wide-ranging as it was, the week's focus on international cybersecurity and ransomware so far means Cameron's closing call for more "partnerships with partners around the world" might bear fruit if Russia, China, and others are prepared to play ball.
CIO Leadership: Building Trust at the Executive Level Will Drive the Discussion at the 2021 HMG – GlobeNewswire
WESTPORT, Conn., June 16, 2021 (GLOBE NEWSWIRE) -- HMG Strategy, the World's #1 digital platform for enabling technology executives to reimagine the enterprise and reshape the business world, is excited to be hosting its 2021 HMG Live! Chicago CIO Executive Leadership Summit on June 17. HMG Strategy's highly interactive digital events bring together the world's most distinguished and innovative business technology leaders to discuss the most pressing leadership, strategic, cultural, technology and career challenges and opportunities that technology executives face today and into the future.
The 2021 HMG Live! Chicago CIO Executive Leadership Summit will focus on recommendations from CIOs and business technology executives on how to build trusting relationships across the C-suite along with advice for regaining trust after it has been lost.
"The CEO and members of the executive team are relying on the CIO and other technology executives to offer bold ideas for developing new go-to-market models and other business innovation," said Hunter Muller, President and CEO of HMG Strategy. "But in order to succeed with these efforts, technology leaders must have trusting relationships in place with members of the executive team."
Top-tier business technology executives and industry experts speaking at the 2021 HMG Live! Chicago CIO Executive Leadership Summit will include:
Valued Partners for the 2021 HMG Live! Chicago CIO Summit include Akamai, Auth0, BetterCloud, Blue Prism, Check Point Software Technologies, Darktrace, Forescout Technologies, Gigamon, Globant, Horizon3.ai, Illumio, RingCentral, SafeGuard Cyber, SIM Chicago, Skybox Security, Starburst, Upwork and Zscaler.
To learn more about the 2021 HMG Live! Chicago CIO Executive Leadership Summit and to register for the event, click here.
HMG Strategy will be hosting its 2021 HMG Live! Toronto CIO Executive Leadership Summit on June 21. Key topics that will be explored at this event include recommendations for cultivating a connected culture into the future including one that embraces diversity, equity and inclusion. Speakers at this event will also share recommendations for working with the CEO and the Board on looming cyber threats, including how best to communicate these risks and articulate where funding is needed most.
Prominent technology executives speaking at this event will include:
Valued Partners for the 2021 HMG Live! Toronto CIO Executive Leadership Summit include Akamai, Auth0, BetterCloud, Blue Prism, Check Point Software Technologies, The CIO Association of Canada, Darktrace, Forescout Technologies, Globant, Horizon3.ai, Infoblox, Illumio, RingCentral, Rubrik, SafeGuard Cyber, SIM Toronto, Skybox Security, and Zscaler.
To learn more about the 2021 HMG Live! Toronto CIO Executive Leadership Summit and to register for the event, click here.
HMG Strategy will also be hosting its 2021 HMG Live! New York Global Innovation Summit on June 24. Timely topics to be discussed at this event will include the role that business technology executives can play in reimagining how the business operates, applying security innovation to address the evolving threat landscape, along with real-world use cases for applying hot technologies such as artificial intelligence, machine learning, robotic process automation, the Internet of Things, computer vision and augmented reality.
World-class executives speaking at the 2021 HMG Live! New York Global Innovation Summit will include:
Valued Partners for the 2021 HMG Live! New York Global Innovation Summit include Akamai, Auth0, BetterCloud, Darktrace, Forescout Technologies, FPT Corporation, Globant, Horizon3.ai, Incorta, Illumio, NPower, RingCentral, SafeGuard Cyber, SIM New York Metro, Skybox Security, Starburst, Zendesk and Zscaler.
To learn more about the 2021 HMG Live! New York Global Innovation Summit and to register for the event, click here.
To learn about HMG Strategy's upcoming CIO and CISO Summits, click here.
HMG STRATEGY'S 2021 GLOBAL LEADERSHIP INSTITUTE AWARDS
The HMG Strategy 2021 Global Leadership Institute Awards honor exemplary technology leaders and leadership teams who are delivering exceptional value to their organizations. This award recognizes those who have reimagined and reinvented themselves to place their organizations on the fast track to groundbreaking transformation in dynamic times. Technology executives and their teams who receive these awards are being recognized for accomplishments in the following areas: Diversity, Equity and Inclusion; Leading into the C-suite; Creating New Go-to-Market Business Models; Modernizing Enterprise Architecture; and Building a Culture of Trust.
World-class technology executives who were recognized for their contributions to their companies and to the industry at the 2021 HMG Live! U.K. CIO Executive Leadership Summit on June 16 include:
To learn more about HMG Strategy's 2021 Global Leadership Institute Awards and to nominate a deserving executive, click here.
HMG STRATEGY'S CUSTOM WEBINARS AND DIGITAL ROUNDTABLES
On June 22, HMG Strategy will be hosting the HMG Security Innovation Webinar. Research conducted by HMG Strategy reveals that one of the top focus areas for CISOs and security leaders is working with the CEO and the executive team to enable innovation and grow the business. In this exclusive webinar, HMG Strategy President and CEO Hunter Muller asks the CEOs and leaders of innovative cybersecurity technology companies about the challenges they solve for clients, the innovation they deliver to companies, and how their solutions are differentiated in the market.
Speakers for this highly interactive event include Ritesh Agrawal, CEO, Airgap Networks Inc.
To learn more about this event and to register for the webinar, click here.
About HMG Strategy
HMG Strategy is the world's leading digital platform for connecting technology executives to reimagine the enterprise and reshape the business world. Our regional and virtual CIO and CISO Executive Leadership Series, authored books and Digital Resource Center deliver unique, peer-driven research from CIOs, CISOs, CTOs and technology executives on leadership, innovation, transformation and career ascent. HMG Strategy offers a range of peer-driven research services such as its CIO & CISO Executive Leadership Alliance (CELA) program, which brings together the world's top CIOs, CISOs and technology executives to brainstorm on the top opportunities and challenges facing them in their roles.
HMG Strategy also produces the HMG Security Innovation Accelerator Panel, a new webinar series that's designed to connect enterprise CISOs and security leaders with the most innovative cybersecurity companies from across the world.
The HMG Strategy global network consists of over 400,000 senior IT executives, industry experts and world-class thought leaders.
To learn more about the 7 Pillars of Trust for HMG Strategy's unique business model, click here.
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/2fcc0288-cffa-40d5-8a6d-592909a8312f
Cyber and AI experts bring ideas to life to help combat national security concerns – De Montfort University
Cyber security and artificial intelligence (AI) experts at De Montfort University Leicester (DMU) have been given an opportunity to turn their ideas into commercial products as part of a government-funded accelerator programme.
The initiative, called CyberASAP (Cyber Security Academic Startup Accelerator Programme), is funded by the UK Government Department for Digital, Culture, Media & Sport (DCMS) and delivered through KTN and Innovate UK. It aims to develop and sustain a security sector that meets national security demands as part of the government's £1.9 billion national cyber security strategy.
Two teams made up of academics from DMU's Cyber Technology Institute (CTI) and Institute of Artificial Intelligence (IAI) successfully secured funding in the first phase of the programme, which requires each team to identify the value proposition of their prospective product.
With the support of KTN, the two teams have learned a lot of skills needed to operate in a start-up environment, through a series of interventions (including bootcamps, workshops, and mentoring), giving participating teams vital insights into the key milestones necessary to take their product from the lab to the market.
Dr Richard Smith, Associate Professor of Cyber Security at DMU, said: "The CyberASAP programme provides academics with the skills to operate in the commercial world. It is about taking the skill base in UK universities and teaching academics how to exploit their research, skills and expertise within the commercial market."
CyberASAP was launched in 2017 and since then has helped more than 90 teams from universities across the UK to develop their innovations.
The first DMU team, called CyberAgents, is led by Dr Smith alongside Professor Daniela Romano. Together they are developing an incident response team using human/AI hybrid technology.
"Many organisations have limited Incident Response capabilities and need to improve them in a safe environment," explained Dr Smith. "We use behavioural science and data science to create innovative human/AI team defending together.
The AI-agent learns human-like creativity but with faster than human reasoning, and can plug any skill gaps in an organisation's capability. Also, the more the agent learns, the more it improves."
The second team, SACRED, is being led by Dr Mary He, alongside Professor Yingjie Yang and Dr Francisco J Aparicio Navarro.
They are developing a unique and innovative web security tool, driven by advanced AI technology, to detect malicious web crawlers (computer programs that are calibrated to automatically search the Internet, also called spiders or bots), thus protecting the online services and websites of businesses or organisations and ensuring their customers' privacy and data security.
"Both teams have made an effort to analyse the market size, competitors and potential collaborators of their prospective products," added Dr He. "The CyberASAP initiative will speed up the pace of the UK cybersecurity development, tackling the global challenges in cybersecurity, and therefore helping to implement the National Security Strategy of the UK; to use all our national capabilities to build Britain's prosperity, extend our nation's influence in the world and strengthen our security."
Dr Smith added: "Not only does CyberASAP help to grow the innovation produced by DMU academics, it increases our university's footprint and brand in the commercial sector."
Posted on Thursday 10th June 2021
What is a firewall? Understanding the security measure that protects against cyber threats – Business Insider
Many of us live with the fear of a cyberattack disrupting our computer-dependent lives, not to mention their potential to wreak havoc on an entire country.
Fortunately, we have security measures like firewalls, which prevent bad actors from gaining unwanted access to networks.
Preventing your internet from crashing isn't the only positive you can gain from a network firewall. There are also customizable uses for firewalls, like blocking inappropriate online content from your children.
Here's what you need to know about firewalls, including how they work and why they're important.
A firewall is like a bouncer for your internet activity, creating a security barrier between your home network and unwanted intrusion from the internet at large.
Firewalls can be cloud-based, or they can be a physical piece of hardware that you buy and connect to your modem and router. (For the most part though, modems and routers will come with pre-implemented firewall technology.)
If you've ever tried to set up your own server with port forwarding, for instance, you may have been foiled by your router's firewall.
Your computer will also in all likelihood come with its own proprietary firewall, like the Windows Defender Firewall that comes installed on Windows PCs.
There are many types of firewalls, but the gist of how they work is similar: a firewall works by closing your network off by default to most internet traffic, or at the very least, requesting your permission before allowing the traffic in.
Among the distinct forms and types of firewalls in use today, the following are some of the most common.
Having some kind of firewall as a line of defense for your home network has become increasingly important as more devices are internet-enabled. After all, you don't want to worry that your porch's smart light bulb, which you installed as a means to dissuade burglars, is creating a cybersecurity loophole in your network.
There are benefits beyond security as well: A properly configured firewall can keep your internet running more quickly by routing traffic more efficiently.
Finally, a firewall can also be programmed to act as a content moderator for kids by restricting their access to certain websites. Those sorts of settings won't be standard for a firewall, but can be configured with most of them.
Global Fastly outage takes down many on the wibbly web but El Reg remains standing – The Register
Updated A not-inconsiderable chunk of the World Wide Web, including news sites, social networks, developer sites, and even the UK government's primary portal, has been knocked offline by an apparent outage at edge cloud specialist Fastly – though your indefatigable The Register remains aloft.
Mid-morning UK time (09:58 UTC) today, reports began to flood in about errors on a range of seemingly disparate sites: everywhere from Reddit, Twitter, GitHub, Stackoverflow, The Guardian, The Verge, and crowdfunding platform Kickstarter to GOV.UK, the UK government's primary web platform, had started to throw 503 cache errors or connection failure messages to would-be visitors.
Ironically, even legendary webcomic xkcd fell offline.
The root cause, according to security expert Mikko Hypponen and others in the field: Fastly, an edge-centric cloud computing specialist founded in 2011 by former Wikia chief technical officer Artur Bergman, which is apparently having a bad start to the day.
"Fastly edge platform is having problems, which means a big part of the internet is having problems. This includes Twitter. Even fastly.com itself is unavailable in many locations," Hypponen wrote of the outage. "Basically, internet is down."
Boasting 1,000 employees and an annual revenue of $200m, Fastly is responsible for optimising websites primarily through its content delivery network (CDN), which appears to have been at the heart of today's outage.
Fastly's status page confirmed "potential impact to performance with our CDN service" starting at 09:58 UTC today – which is a somewhat understated way of putting the glitch. At the time of writing, investigations were under way with no timescale yet provided for a fix.
A spokesperson for Fastly confirmed to The Register that the company is "aware of the issue and can confirm it's global," and that "all hands are on deck and working hard to resolve."
Fastly updated its status at 10:44 UTC to say the issue had been "identified and a fix is being implemented."
Fastly has applied the fix, and told customers at 11:57 UK time (10:57 UTC) they "may experience increased origin load as global services return."
To our readers affected, we offer a virtual beer or cold drink. We hope the rest of this day goes better.
Is the Internet (Briefly) Breaking a Sign of Things to Come? – Vanity Fair
At one point during Tuesday morning's brief global internet outage, The Guardian was covering it solely via Twitter thread. "Thus ends my uncomfortable 50 minute period of being the only person in the entire newspaper capable of publishing content," tech reporter Alex Hern tweeted once the site came back online, at least for him, he noted, as scattered disruptions continued to plague some of the world's biggest online news platforms, as well as the UK government's home page, some Amazon sites, and streaming services like Hulu and HBO Max. The Verge pivoted to Google Docs to share the news with readers (and briefly forgot to restrict the document's editing abilities, allowing random people to chime in before editors realized what was going on). "We're all on pins and needles right now," CNN New Day co-anchor John Berman told his colleague Brian Stelter, who popped onto the program this morning to address the baffling failure as CNN's own website, along with several other publishers, went dark. "Right now no indication that this is a cyberware or ransomware attack, but it is one of the most widespread web outages that I have ever seen," said Stelter, CNN's chief media correspondent.
Early risers signing on to check the latest from major online outlets including the New York Times, the Financial Times, BBC, and Condé Nast-owned sites like Reddit and Vanity Fair were greeted with unusual error messages amid the temporary but massive crash, which, as of now, doesn't appear to be rooted in anything malicious. The outage seemed to stem from a problem at Fastly, a content-delivery network (or CDN) that many large companies use to speed up loading times for websites and enhance reliability, among other services, according to the Guardian. Just before 6 a.m. Eastern on Tuesday, the cloud computing provider acknowledged a service issue that had caused disruptions and, about an hour later, stated on its website that the issue has been identified and a fix has been applied.
Fastly-supported apps such as Spotify, Pinterest, and Twitch were among other sites and apps impacted; Twitter, PayPal, and Etsy also experienced problems, according to the Times. Madeline Carr, the director of the Research Institute for Sociotechnical Cyber Security, told the Times there does need to be a level of accountability for companies that provide the infrastructure for websites, since so many rely on it. "In the last generation of cybersecurity, it was about ensuring websites were protected or had adequate security," she said, "but when you're talking about something like Fastly, in a sense it doesn't matter how secure your own website is."
The sweeping outage comes on the heels of a ransomware attack that last month caused a multi-day shutdown of America's largest fuel pipeline, which is why, as Berman noted, cybersecurity concerns were among the immediate reaction to Tuesday's crash. But even with no apparent foul play involved, that a glitch at one San Francisco-based technology firm took down huge sites in dozens of countries reflects the reliance that the most popular pages on the internet have on a few big technology firms to help them distribute content and host users, Bloomberg reports. As Stelter noted, "This is the internet infrastructure, and when the lights flicker, it has global effects."
Comprehensive Report on Internet of Things (IoT) Security Market 2021 | Trends, Growth Demand, Opportunities & Forecast To 2027 | PTC Inc.,…
Global Internet of Things (IoT) Security Market is valued at USD 7.98 Billion in 2018 and expected to reach USD 56.31 Billion by 2025 with the CAGR of 32.2% over the forecast period.
The Global Internet Of Things (IoT) Security Market Research Forecast 2021-2027 provides a comprehensive analysis of the market segments, including their dynamics, size, growth, regulatory requirements, competitive landscape, and emerging opportunities of the global industry. It provides an in-depth study of the Internet Of Things (IoT) Security market by using SWOT analysis. The research analysts provide an elaborate description of the value chain and its distributor analysis. This market study provides comprehensive data that enhances the understanding, scope, and application of this report.
The report enhances decision-making capabilities and helps to create effective counter strategies to gain competitive advantage.
Get Sample Copy of this premium report at: https://brandessenceresearch.com/requestSample/PostId/578?utm_source=mmc&utm_medium=Djay
Final Report will add the analysis of the impact of COVID-19 on this industry.
Geographically, this report splits the global market into several key regions (North America, Europe, Asia-Pacific, Latin America and Middle East & Africa), with revenue in million USD, focusing on key countries in each region. It also covers market drivers, restraints, opportunities, challenges, and key issues in the Global Post-Consumer Internet Of Things (IoT) Security Market.
Key Benefits for Post-Consumer Internet Of Things (IoT) Security Market Reports
The analysis provides an exhaustive investigation of the global Post-Consumer Internet Of Things (IoT) Security market together with future projections to assess investment feasibility. Furthermore, the report includes both quantitative and qualitative analyses of the Post-Consumer Internet Of Things (IoT) Security market throughout the forecast period. The report also covers business opportunities and scope for expansion. Besides this, it provides insights into market threats or barriers and the impact of the regulatory framework to give an executive-level blueprint of the Post-Consumer Internet Of Things (IoT) Security market. This is done with the aim of helping companies strategize their decisions better and finally attain their business goals.
Key players profiled in the report include:
Segmentation Analysis:
By Type: Network Security, Endpoint Security, Application Security, Cloud Security, Others
By Solution: Identity Access Management, Intrusion Detection System/Intrusion Prevention System, Distributed Denial of Service Protection, Security Analytics, Others
By Service: Consulting, Maintenance, Training
By End-User: Healthcare, Information Technology (IT), Telecom, Banking, Financial Services, And Insurance (BFSI), Automotive, Others
Regional & Country Analysis: North America, U.S., Mexico, Canada, Europe, UK, France, Germany, Italy, Asia Pacific, China, Japan, India, Southeast Asia, South America, Brazil, Argentina, Colombia, The Middle East and Africa, GCC, Africa, Rest of Middle East and Africa
Market Drivers:
Increasing patch management solutions vulnerabilities is driving the growth of the market
Rising need of up to date software will propel the market growth
Growing third party application deployment is a driver for the market
Government regulations for promoting patch management may boost the growth of the market
Market Restraints:
Low vulnerability priority reduction is restraining the growth of the market
Lack of awareness for cyber security will hamper the market growth
Patch testing and compatibility issues may also restrict the growth of the market
Get Methodology: https://brandessenceresearch.com/requestMethodology/PostId/578
There are 15 Chapters to display the Global Internet Of Things (IoT) Security market.
Chapter 1, About Executive Summary to describe Definition, Specifications and Classification of Global Internet Of Things (IoT) Security market, Applications, Market Segment by Types
Chapter 2, objective of the study.
Chapter 3, to display Research methodology and techniques.
Chapter 4 and 5, to show the Internet Of Things (IoT) Security Market Analysis, segmentation analysis, characteristics;
Chapter 6 and 7, to show Five forces (bargaining Power of buyers/suppliers), Threats to new entrants and market condition;
Chapter 8 and 9, to show analysis by regional segmentation [North America (Covered in Chapter 6 and 13), United States, Canada, Mexico, Europe (Covered in Chapter 7 and 13), Germany, UK, France, Italy, Spain, Russia, Others, Asia-Pacific (Covered in Chapter 8 and 13), China, Japan, South Korea, Australia, India, Southeast Asia, Others, Middle East and Africa (Covered in Chapter 9 and 13), Saudi Arabia, UAE, Egypt, Nigeria, South Africa, Others, South America (Covered in Chapter 10 and 13), Brazil, Argentina, Colombia, Chile & Others], comparison, leading countries and opportunities; Regional Marketing Type Analysis, Supply Chain Analysis
Chapter 10, to identify major decision framework accumulated through Industry experts and strategic decision makers;
Chapter 11 and 12, Global Internet Of Things (IoT) Security Market Trend Analysis, Drivers, Challenges by consumer behavior, Marketing Channels
Chapter 13 and 14, about vendor landscape (classification and Market Ranking)
Chapter 15, deals with Global Internet Of Things (IoT) Security Market sales channel, distributors, Research Findings and Conclusion, appendix and data source.
Thanks for reading this article; you can also get individual chapter-wise sections or region-wise report versions, such as North America, Europe or Asia.
Get Full Report: https://brandessenceresearch.com/technology-and-media/internet-of-things-iot-security-market-size
Read the original here:
Comprehensive Report on Internet of Things (IoT) Security Market 2021 | Trends, Growth Demand, Opportunities & Forecast To 2027 | PTC Inc.,...
ALPACA gnaws through TLS protection to snarf cookies and steal data – The Register
Academics from three German universities have found a vulnerability in the Transport Layer Security (TLS) protocol that under limited circumstances allows the theft of session cookies and enables cross-site scripting attacks.
Dubbed ALPACA, which is short for "Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication," the researchers' findings are described in an academic paper [PDF] that's scheduled to be presented in August at Black Hat USA 2021 and the USENIX Security Symposium 2021.
The researchers (Marcus Brinkmann, Robert Merget, Jörg Schwenk, and Jens Müller of Ruhr University Bochum; Christian Dresen, Damian Poddebniak, and Sebastian Schinzel of Münster University of Applied Sciences; and Juraj Somorovsky of Paderborn University) have discovered that TLS, because it's independent from the application layer in the standard networking model, is vulnerable to certificate confusion where wildcard or multi-domain certificates have been deployed.
Because TLS does not bind TCP connections to the desired application layer protocol (e.g. HTTP, SMTP, IMAP, POP3, and FTP), there's an opportunity for a miscreant-in-the-middle (MitM) attack to redirect TLS traffic to a different endpoint at another IP address or port.
"We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security," the boffins' paper explains.
The first such attack, described two decades ago by Jochen Topf [PDF], details how browsers could be duped into sending arbitrary data to any TCP port using HTML forms. The ALPACA attack makes this technique generic across multiple protocols.
In circumstances where an MitM attack is possible (such as a local network or a compromised network system), an attacker-controlled website could initiate a cross-origin HTTPS request with a malicious FTP payload. By redirecting the request to an FTP server with a certificate that's compatible with the web server, the attacker could set a specific cookie via FTP, download a malicious JavaScript file via FTP, or reflect malicious JavaScript in the request.
The researchers demonstrated that their technique works by registering an account with email provider Mailfence. To conduct a miscreant-in-the-browser (MitB) attack, they "posted HTML form data to https://mailfence.com:995 to log into [their] account and retrieve the content of an HTML email (download attack), resulting in JavaScript execution in the context of https://mailfence.com for browsers that ignore the port number in the SOP [same-origin policy], such as Internet Explorer. The issue was acknowledged by the vendor as stored XSS."
They say they found similar exploitable issues at a major Bitcoin exchange, the website of a large university, and the Government of India's webmail service.
The researchers identified 1.4 million web servers that are potentially vulnerable to protocol confusion of this sort and 119,000 of these that are open to attack by an exploitable application server. PoC code has been posted to GitHub.
Since October last year, the researchers have been discussing their findings with various open source projects like OpenSSL, the maintainers of various TLS libraries, projects like nginx and Apache, and various FTP and email server projects.
The boffins argue there's no reason to panic because the ALPACA attack requires a number of prerequisites to work and depends on the complicated interplay between applications, protocols, and browsers. At the same time, ALPACA should not be ignored.
Among the vulnerable application and browser combinations identified are: Sendmail SMTP (Internet Explorer) over STARTTLS; Cyrus, Kerio Connect and Zimbra IMAP enabled download and reflection attacks (Internet Explorer); Courier, Cyrus, Kerio Connect and Zimbra allowed download attacks (Internet Explorer); Microsoft IIS, vsftpd, FileZilla Server and Serv-U FTP servers made reflection attacks possible (Internet Explorer); and these same FTP servers permitted upload and download attacks in any browser.
The suggested mitigations involve implementing Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions to TLS as a barrier to cross-protocol attacks. The problem is that deploying these protections could shut out legacy clients and servers that haven't been updated yet.
The fix for this bug is not a simple patch; rather it requires updates to multiple libraries and applications. The researchers say that they expect ALPACA will be keeping us company for many years to come.
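An added example, not code from the article or the researchers: a defender-side inventory check for the exposure described above, listing HTTPS hosts whose name is also covered by the certificate of a non-HTTP TLS service that does not strictly enforce ALPN or SNI. The hosts, the TlsService record and the strict_alpn/strict_sni flags are hypothetical, and the check assumes clients send ALPN and SNI as current browsers do.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TlsService:
    host: str                  # DNS name clients connect to
    port: int
    protocol: str              # "https", "ftp", "imap", "pop3", "smtp", ...
    cert_names: tuple          # subjectAltName DNS entries of the served certificate
    strict_alpn: bool = False  # aborts handshakes offering only protocols it does not speak
    strict_sni: bool = False   # aborts handshakes whose SNI is not its own host name

def name_matches(pattern, hostname):
    """Certificate name match: '*' only as the entire leftmost label, one label deep."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def confusable_pairs(services):
    """Pairs (web, other) where a handshake meant for `web` would succeed at `other`."""
    findings = []
    for web in (s for s in services if s.protocol == "https"):
        for other in (s for s in services if s.protocol != "https"):
            if other.strict_alpn:
                continue  # browser offers only HTTP protocols, so the handshake is refused
            if other.strict_sni and other.host.lower() != web.host.lower():
                continue  # SNI names the web host, which this server does not serve
            if any(name_matches(n, web.host) for n in other.cert_names):
                findings.append((web, other))
    return findings

# Constructed inventory (hypothetical hosts under the reserved .test TLD).
INVENTORY = [
    TlsService("www.example.test", 443, "https", ("*.example.test",)),
    TlsService("ftp.example.test", 990, "ftp", ("*.example.test",)),
    TlsService("mail.example.test", 993, "imap", ("*.example.test",), strict_sni=True),
    TlsService("www.example.test", 995, "pop3", ("www.example.test",), strict_sni=True),
    TlsService("smtp.example.test", 465, "smtp", ("*.example.test",), strict_alpn=True),
]

if __name__ == "__main__":
    for web, other in confusable_pairs(INVENTORY):
        print(f"{web.host}:{web.port} is exposed via {other.protocol} at {other.host}:{other.port}")
```

The POP3 entry is still reported even with strict SNI because it shares the web server's host name, so in that case only ALPN enforcement separates the two services.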
Working from home amid Covid-19 pandemic blamed for rise in cyber hits on Singapore organisations – The Straits Times
SINGAPORE - While working from home has become the norm for many people amid the Covid-19 pandemic, it might have also caused many organisations in Singapore to fall victim to cyber attacks.
About eight in 10 public- and private-sector organisations here attributed such a working arrangement to a rise in cyber attacks across the board, said a report by software company VMware on June 4.
This is comparable with the global figure across 14 markets.
Nearly seven in 10 here said the attacks were serious enough to report to regulators or to call in an incident response team. Globally, this is higher - at eight in 10.
"Digital transformation programmes advanced rapidly as the cyber-attack surface expanded to include living rooms, kitchens, home networks and personal devices," explained principal cyber-security strategist Rick McElroy of VMware's security business unit.
Mr McElroy added that while remote employees' work laptops are usually well secured, home Wi-Fi networks used to go online can pose serious security risks.
"Updates to home router software are often overlooked, and many home networks do not have a firewall installed. These unsecured and unpatched networks can result in network security gaps," he said, pointing also to issues with the use of other Internet-connected devices on home networks for work.
The remote workforce behaves very differently from the office workforce - its members access the organisation's network at unpredictable hours as they strive to stay productive while caring for their families and following government restrictions.
This means network traffic has "changed beyond recognition", and organisations must adapt monitoring systems or risk leaving an opportunity for hackers to use atypical patterns to mask their infiltration attempts, Mr McElroy said.
What is key is that companies need to understand how people interact with technology, he said. This can include when an employee usually works, the applications he normally uses and the websites he commonly visits.
So for example, when an employee who usually works in California logs in 10 minutes later from Singapore, which is humanly impossible, the company knows something is amiss.
"Knowing this baseline helps better detect a malicious log-in," said Mr McElroy.
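An added example, not from the article or VMware: the California-to-Singapore check described above, written as a simple "impossible travel" rule over constructed log-in events. The event format, coordinates, user names and the 1,000 km/h and 100 km thresholds are assumptions chosen for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    (lat1, lon1), (lat2, lon2) = a, b
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    h = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(min(1.0, sqrt(h)))

def impossible_travel(events, max_kmh=1000.0, min_km=100.0):
    """Flag consecutive log-ins by one user that imply travel faster than max_kmh."""
    parsed = sorted(((u, datetime.fromisoformat(t), p, c) for u, t, p, c in events),
                    key=lambda e: (e[0], e[1]))
    last, findings = {}, []
    for user, when, place, coords in parsed:
        if user in last:
            prev_when, prev_place, prev_coords = last[user]
            km = haversine_km(prev_coords, coords)
            hours = (when - prev_when).total_seconds() / 3600
            # min_km absorbs geo-IP jitter; hours == 0 means simultaneous sessions
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                findings.append((user, prev_place, place, round(km)))
        last[user] = (when, place, coords)
    return findings

# Constructed log-in events: (user, UTC timestamp, geo-IP location, (lat, lon)).
EVENTS = [
    ("alice", "2021-06-04T17:00:00+00:00", "San Francisco", (37.7749, -122.4194)),
    ("alice", "2021-06-04T17:10:00+00:00", "Singapore", (1.3521, 103.8198)),
    ("bob", "2021-06-04T01:00:00+00:00", "Singapore", (1.3521, 103.8198)),
    ("bob", "2021-06-04T23:30:00+00:00", "Tokyo", (35.6762, 139.6503)),
]

if __name__ == "__main__":
    for user, src, dst, km in impossible_travel(EVENTS):
        print(f"{user}: {src} -> {dst}, {km} km between consecutive log-ins")
```

Only the first user is flagged; the second covers a long distance too, but over enough hours for an ordinary flight.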
The VMware-commissioned study polled about 250 chief information officers, chief technology officers and chief information security officers here last December.
They came from the financial, healthcare, government, retail, manufacturing and engineering, food and beverage, utilities, professional services, and media and entertainment sectors.
The study found that organisations here reported more cyber attacks in the previous 12 months, with 64 per cent saying so.
About a year ago, the figure was 43 per cent.
More organisations globally saw more cyber attacks than those in Singapore in this year's report, with 76 per cent reporting this.
However, the Republic had more breaches on average per organisation - 3.3 versus 2.35 globally.
The leading cause of breaches reported here was a weakness in processes, with 22 per cent of respondents citing this. One example is companies not deploying patches on a regular basis.
The next top causes of breaches were using out-of-date security (20 per cent) and third-party apps (13 per cent).
Outdated security includes operating systems that are no longer supported by their developers, such as those found in manufacturing systems.
Some cases involved an old critical application that is not updated because doing so might mean taking vital systems offline.
These legacy systems and old apps could remain unpatched for vulnerabilities, and using modern security solutions to protect them is difficult at times.
Third-party apps that can lead to breaches include externally developed ones used for sharing files, which can allow crooks to access sensitive data if hacked.
These top causes of attacks generally boil down to how organisations' information technology and security operations teams interact and work in silos when solving issues, said Mr McElroy.
To address some of these issues, he advised organisations to have security in place "wherever and whenever humans interact with systems", including online programs and applications.