
4 Tips to Run Fast in the Face of Digital …

Source: National Cyber Security – Produced By Gregory Evans

This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.

Unlike the 16-game NFL season, for the eight in 10 companies in the US undergoing digital transformation (DX), there’s no off-season. The journey is an ongoing one that, for IT leaders, can feel like an endurance challenge, not to mention a massive expense, with DX spending predicted to reach nearly $2 trillion in 2022, according to IDC.

Application-centric visibility is key to accelerating DX. By better visualizing, isolating, and understanding application interaction and usage patterns, organizations can accelerate secure deployment of their digital applications and prompt touchdown dances for DX victories both small and large along the way. I mean, who doesn’t want to see a SecOps team do the Ickey Shuffle?

But getting there requires adapting to the speed of the game, or transforming rapidly, which isn’t an easy feat when DX involves complexities like public, private, and hybrid cloud infrastructure and a new breed of multitier applications that need to be managed and secured. Much like a wide receiver making plays in double coverage, networking pros have to be able to run fast networks during DX while navigating everything from changing IT environments to regulatory challenges like the General Data Protection Regulation and security demands in the context of escalating cybercrime.

Here are four gridiron-inspired tips that can help you see your way to DX success with data, guaranteeing a SecOps Gronk spike:

1. Create a championship culture from top to bottom.
Organizations can take a cue from great sports franchises that develop and maintain a winning culture. Digital transformation is a business imperative and, much like winning, is built on strong technology underpinnings, ultimately focused on driving the culture of the organization. It starts at the board and C-level team with a vision of what you want the company to be in five years and then determining whether or not you have the culture, people, and resources to get there. You have to deliberately become a data-driven culture in every aspect from top to bottom, and treat cybersecurity as a strategic business enabler rather than an obstacle, in order to win at DX.

2. See everything, all the time. 
Whether we’re talking turf or network, clear visibility of the traffic is just as important as any other technical skills. Like a pass rusher on the quarterback’s blind side, malware moves and data exfiltration happens across the network in stealth mode — not to mention the complexity of applications operating on-premises, in the cloud, or both. Having a clear line of sight into the organization’s network and application layers lets you visualize your infrastructure, what’s running on it, and how applications are performing and interacting with each other — and from there, extract kernels of insight to guide your DX efforts.

3. Handle complex schemes at top speeds.
Getting 53 professional athletes to master an NFL playbook comes with its challenges, not unlike wrangling the new breed of digital applications. Both require turning complexity into cohesion — and doing so fast. I’m referring to applications with multiple tiers (where each tier is scaled out and there’s a set of microservices), some of which are built in-house, others are built externally, and some come from open source. When the components are sandwiched together, complexity escalates rapidly, which ultimately manifests itself as challenges around securing the applications, as well as ensuring consistent performance and experience. The key to keeping things under control is having the right kind of data to help you understand the interaction, performance, and security characteristics of these applications.

4. Be a good halftime coach.
Good coaches make quick adjustments to position the team for second-half success. NetOps and SecOps teams can relate when it comes to troubleshooting, managing, and securing applications. Whatever the application architecture, once in deployment something at some point is bound to go awry. You need to figure out what’s happening and quickly course correct, but when you’re scaling microservices, it’s hard to troubleshoot just through application instrumentation. By analyzing the network traffic pertaining to these applications, you get immediate actionable data points that can be used to address trouble spots and understand security implications as well. The ability to isolate specific application or microservice communication streams for deeper inspection would allow security operations teams to easily understand access patterns and put in place effective microsegmentation strategies.

The NFL game is faster than ever, and the same can be said for the pace of digital business and the proliferation of cyber threats. The ability to handle day-to-day challenges while positioning the organization for future success is only possible with the appropriate infrastructure in place. NetOps and SecOps teams are tasked with the development, implementation, maintenance, and security of very complex enterprise infrastructures that prepare their organization for tomorrow, much like NFL teams must draft and develop players for future success. Both must do so while reducing risks, costs, and security threats along the way. With the above-mentioned tips as the foundation of your journey, you can position your organization for success for seasons to come.

Shane Buckley is President and Chief Operating Officer of Gigamon with responsibility for expanding the company’s business and markets worldwide. He brings more than 20 years of executive management experience to the team and joins Gigamon from Xirrus where he was CEO prior …

#nationalcybersecuritymonth | Pollies to face phishing tests after Parliament breach – Strategy – Security

Parliamentarians and their staff will be subject to phishing email simulations in the wake of the state-sponsored cyber attack against Parliament House earlier this year. The Department of Parliamentary Services will conduct the simulations as part of a new program to test the cyber security awareness […]

#cybersecurity | #hackerspace | Porn-User Face Scans: Australia Thinks of the Children

The Australian government has a cunning plan: It’s going to protect kids from pornography—by taking photos of users’ faces. Yep, you read that right.

What could possibly go wrong? The Department of Home Affairs in Canberra appears to think everything is defo dardy, so long as they’re protecting fair-dinkum ankle biters from nuddy Sheilas.

Bloody oath, Bruce. In today’s SB Blogwatch, we think of the shark biscuits.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: gay pirate assassins.

Rack Off, Ya Mongrels

What’s the craic? Finbar O’Mallon reports that the government “suggests porn viewers be subject to face scans”:

 The Department of Home Affairs has suggested using face scans to confirm people’s age before they watch online pornography. … The United Kingdom this month abandoned plans to introduce a nationwide age verification system for online pornography, after years of … concerns from privacy campaigners.

[It] would piggyback off a separate proposed facial recognition scheme being pursued by the federal government, [in] a contentious plan to permit government agencies, telecom companies and banks to use [the] technology. … Under the laws, driver’s licence, passport and visa images would be stored by the Home Affairs Department in an “interoperability hub.”

Wait, what? Claire Reilly jests—“Proving that you’re old enough for online porn could get a lot more awkward”:

 Australia is going all-in with a new proposal that could require internet users to verify their identity in a face-matching database. … The first phase of the Face Verification Service launched in 2016 with a database that included citizenship images, accessible by government agencies.

However, the Government has proposed expanding the Service to include drivers’ license photos to capture a larger part of the population. … The proposal comes at a time when the issue of age verification is being keenly debated, with religious groups calling for the protection of minors and civil liberties groups raising concerns about … privacy and security.

Yikes. ryanja tries to draw parallels:

 Wow, I thought it was bad when Amazon gave Ring footage to authorities without a warrant. This is literally the government wanting access to view cameras inside your house because “think of the children.”

And to what end? Pat Gunn comes right out and says it—“Children should have access to porn”:

 Age limits … seem like a senseless hassle for an incomprehensible end. It’s not like it was hard for people in earlier times to get access to porn.

But is that really what they’re trying to do? A_Very_Tired_Geek is suddenly wide awake:

 This is less about keeping porn away from kids, than it is keeping adults away from porn. … It’s a back door towards censoring porn sites without saying they’re actually doing that.

Then you get the slippery slope argument: first porn, then…?

What could possibly go wrong? omnichad counts the ways:

 1) Data gets MITMed and used for blackmail
2) Pictures of faces – like the actual one on the ID photo will probably work fine
3) Giving any personal information to an untrusted web site … is a problem if you’re required to match up info with the face
4) Access would be limited only to devices with cameras, which is bizarre on its own
5) False positives could be associated with a different person
6) Government has a database of this activity
7) Yeah, I’ll quit now – there are too many.

But something must be done! thekaj suggests something else:

 I’m certainly not advocating that parents actually promote that their kids watch porn. But it’s Children 101-level stuff to know that the more you do to tell a kid that something is forbidden, the more they’re going to want to see/do it. One only has to look at the inverse relationship between abstinence-only sex education and teen pregnancy rates to see that.

OTOH, Collective Shout—“A grassroots campaigning movement against the objectification of women & sexualisation of girls”—is campaigning for exactly this:

 It’s touching to see how many men suddenly become champions of women’s rights, so concerned about women’s ‘freedom’ to be objectified & degraded for men’s entertainment. Their attempts to frame men’s sexual use, abuse & exploitation of women as women’s freedom are transparent.

It’s about objecting to misogyny and the view that women and girls exist to be objectified, demeaned and exploited for men’s sexual gratification.

Bit by bit, we are changing a culture that tolerates sexist and pornified representations of women as ‘normal’ and acceptable. We will continue to campaign for porn age verification to prevent Australian kids from being exposed to porn.

Meanwhile, Hallux-F-Sinister thinks of ways around it:

 Very funny, Australia. … What are they going to do about kids downloading a picture of an adult [Australian citizen’s] face from the internet, printing that out or just displaying it on another device, then holding THAT up to the camera?

Good luck with all that, Australia. The kids definitely will never find a way to circumvent the things preventing them from looking at what they want to look at.

And Svip thinks of whose face to download:

 I predict government data will soon show that Scott Morrison [the Prime Minister] consumes 80% of all porn.

And Finally:

Consumer VPN services suck; Tom Scott piles on

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: @ScottMorrisonMP

UK #businesses face #growing #threat from #cyber-attacks

Criminal cyber-attacks on UK businesses increased last year, according to the annual report of the National Cyber Security Centre.

Firms face a growing threat from ransomware, data breaches and weaknesses in the supply chain, according to the report, published on Tuesday. Emerging threats include theft from cloud storage, which the NCSC argues too many businesses put their faith in.

“Criminals are launching more online attacks on UK businesses than ever before,” a summary accompanying the report said.

The NCSC, in effect the shop window for the government surveillance agency GCHQ, was set up in late 2016 amid alarm over potential attacks on UK institutions, infrastructure and businesses.

The report, Cyber Threat to UK Business Industry 2017-2018, is published to coincide with the opening of a organised by the NCSC, which is expected to attract 1,800 cybersecurity experts from law enforcement, government and the private sector.

Ciaran Martin, head of the NCSC, said: “The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.

“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk and reducing their return on investment.”

The report was written in collaboration with the National Crime Agency. Donald Toon, director of economic and cybercrime at the NCA, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cybersecurity extremely seriously in the next year are risking serious financial and reputational consequences.”

Under-reporting of cybercrime by businesses means crucial evidence and intelligence about threats and offenders can be lost. Toon called for full and early reporting of cybercrime.

by the NCSC show 34 significant cyber-attacks took place between October 2016, when the agency was launched, and the end of 2017. A further 762 attacks were less serious. “2018 will bring more of these attacks,” the report said.

It does not break down the figures to distinguish which attacks were purely criminal and which were state-sponsored. The report said that the distinction can be blurred, making attribution difficult.

Among the surveys cited was one by , which recorded a 91% increase in ransom attempts between the first and third quarters of last year.

Vulnerabilities highlighted in the NCSC report included the spread of the internet of things, which includes the interconnection of household appliances and other devices. “The internet of things and its associated threats will continue to grow and the race between hackers’ and defenders’ capabilities will increase in pace and intensity,” the report said.

“Many internet-connected devices sold to consumers lack basic cybersecurity provisions. With so many devices unsecured, vulnerabilities will continue to be exploited.”

The NCSC has also issued a warning over cloud security: “As more organisations decide to move data to the cloud (including confidential or sensitive information), it will become a tempting target for a range of cyber criminals.

“They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information.”

The report warns that no matter how good a company’s cybersecurity, it is at risk if this is not matched by the management of service providers and software, which can offer a potential stepping stone into the networks of thousands of clients.

“It is clear that even if an organisation has excellent cybersecurity, there can be no guarantee that the same standards are applied by contractors and third-party suppliers in the supply chain,” the report said. “Attackers will target the most vulnerable part of a supply chain to reach their intended victim.”


Face #ID shown #unlocking for #family #members who aren’t #alike

Apple’s Face ID is the safest facial recognition system ever made for smartphones. Unlike its Android alternatives, it can’t be hacked with photos, and it can be used to authenticate mobile payments. It’s a lot more secure than Touch ID, and it’ll likely equip more Apple devices in the future. Even Android device makers are expected to copy Face ID this year.

But Face ID isn’t hackproof. It’s been proven already that young children can hack into their parents’ iPhone X units. Twins and triplets can also unlock the phones belonging to their siblings, especially at a young age, and it’s pretty obvious why that happens.

A brand new video shows the same kind of Face ID hack between two family members who aren’t alike.

Posted on YouTube, a short video clip shows a daughter and mother unlocking the same iPhone using Face ID. The daughter isn’t that young, and she’s not so similar to her mother.

The Face ID hack is successful time and again, which is impressive. Somehow, the device thinks the same person is facing the phone, and it’s unlocking the device accordingly.

It’s unclear at this time whether the iPhone was trained to recognize both family members. The way Face ID works is that it keeps taking images of the user whenever the phone is unlocked, to continuously update the mathematical expression assigned to one’s face. By inputting the password after a failed Face ID unlock, you practically instruct the phone to include the most recent scan in its library, especially if it somewhat matches your face. Is this a real hack? Or is it a sort of error where Face ID was simply trained to recognize both faces, and made up some sort of weird mix between the two? After all, the two women are still mother and daughter, so it’s likely Face ID can find more than a few similarities between them.

Here’s a reminder of how Face ID works:

To improve unlock performance and keep pace with the natural changes of your face and look, Face ID augments its stored mathematical representation over time. Upon successful unlock, Face ID may use the newly calculated mathematical representation—if its quality is sufficient—for a finite number of additional unlocks before that data is discarded. Conversely, if Face ID fails to recognize you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if you stop matching against it. These augmentation processes allow Face ID to keep up with dramatic changes in your facial hair or makeup use, while minimizing false acceptance.

Whatever is allowing this hack to work, Apple should definitely find a way to fix it.

Singapore #banks to face new #cybersecurity #regulations

Ravi Menon, managing director of the city state’s central bank, the Monetary Authority of Singapore (MAS), reportedly told The Business Times that MAS will look to introduce new cyber rules in a bid to encourage greater adoption of online and digital banking.

According to The Business Times report, Menon said: “The use of technology is not going to take off if we have not successfully addressed the cybersecurity problem, and assured ourselves and Singaporeans that cyber risks are reasonably well mitigated. MAS has been raising the level of expected standards for cyber risk-management. We want to do some things through regulation, in terms of setting requirements for cyber.”

“Cyber risk is the least known risk of all the major risks facing banks. The models to track, manage and mitigate these risks are not as well developed as the models for the more traditional areas,” he said.

According to the report, there are more than 400 financial technology (fintech) companies now operating in Singapore, while 20 global banks and insurers have also established innovation labs within the country.

In June 2016, MAS announced plans to create a regulatory sandbox to support innovation in fintech. Under the scheme, financial services firms, technology companies and other “non-financial players” in Singapore have the chance to test new fintech products and services in an environment where some regulatory requirements are relaxed. The scheme is similar to others established by financial regulators around the world, including in the UK where the Financial Conduct Authority (FCA) pioneered the concept.

In March this year, MAS approved the first company to participate in its regulatory sandbox.

Menon said MAS has received more than 30 applications in total from businesses seeking to participate in sandbox testing, more than 80% of which have come from fintech startups, according to The Business Times report.

Menon admitted, however, that businesses have faced delays in winning approval from MAS for sandbox testing.

“One would have hoped we could have approved sandbox applications in weeks rather than months. But, we are learning ourselves – we’re in the sandbox, too,” Menon said, according to the report. “We are working out reduced requirements, looking at what are the requirements we can lift.”

Will the iPhone X’s Face ID be hackable? Security expert weighs in

The iPhone X’s facial recognition technologies have been called into question by a security consultant at global tech firm Synopsys, who claims that no facial recognition technology is ever unbeatable. Nikola Cucakovic posted a blog titled ‘How secure is iPhone X Face ID facial recognition’, which […]

Apple’s New iPhone X Could Help Identity Thieves Steal Your Face

Apple has announced that it plans to replace previous iPhone login credentials with facial recognition technology to log into the iPhone and to access Apple Pay. This should prompt some privacy and security concerns, but probably not the ones you’re thinking. It’s not the TSA or the Deep State who…

Fiat Must Face Some Claims In Drivers’ Hacking Risk Suit

An Illinois federal judge on Monday refused to entirely dismiss a putative class action claiming some Fiat Chrysler Jeeps are susceptible to hacking, saying that the plaintiffs can continue to claim they overpaid for the vehicles. District Court Judge Michael Reagan dismissed remaining claims that possible future car hacking could…
