Future

now browsing by tag

 
 

International Workshop on Future Information, Security, Privacy and Forensic for Complex Systems (FISP)

General Cybersecurity Conference

 August 13 – 15, 2018 | Gran Canaria, Spain

Cybersecurity Conference Description

Availability, integrity and secrecy of complex information systems are increasingly important requirements for modern society as well as nations as with every passing day computers control and administer more and more aspects of human life. We entrust much of our lives to information and computer technologies (ICT’s). However, it is difficult and challenging task to understand security risk and to provide effective security solution as attackers only need to find a single vulnerability but developers or system administrators need to find and fix all vulnerabilities. In addition, cyber space is considered as fifth battle-field after land, air, water and space.

The aim of FISP-2018 is to provide a premier international platform for wide range of professions including scholars, researchers, academicians and Industry people to discuss and present the most recent challenges and developments in “Information Security, Privacy and Forensics for Complex systems” from the perspective of providing security awareness and its best practices for the real world. After the high success of the previous edition (FISP’2017) in conjunction with 12th International Conference on Future Networks and Communications 2017 (FNC-2017), Belgium, the fourth International Workshop on Future Information Security, Privacy and Forensics for Complex systems (FISP-2018) will continue to open to submit novel and high quality research contributions as well as state of the art reviews in the field of information security and privacy. We anticipate that this workshop will open new entrance for further research and technology improvements in this important area.

advertisement:

The post International Workshop on Future Information, Security, Privacy and Forensic for Complex Systems (FISP) appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #future of #computer #security is #machine vs #machine

A growing number of computer security thinkers, including myself, think that in the very near future, most computer security will be machine versus machine–good bots versus bad bots, completely automated. We are almost there now.

Fortunately or unfortunately, I don’t think we’ll get to a purely automated defense for a long, long time.

Today’s security defenses
Much of our computer security defenses are already completely automated. Our operating systems are more securely configured out of the box, from firmware startup to the operating system running apps in secure hardware-enforced virtual boundaries, than ever before. If left alone in their default state, our operating systems will auto-update themselves to minimize any known vulnerabilities that have been addressed by the OS vendor.

Most operating systems come with rudimentary blacklists of “bad apps” and “bad digital certificates” that they will not run and always-on firewalls with a nice set of “deny-by-default” rules. Each OS either contains a built-in, self-updating, antimalware program or the users or administrators install one as one of the first administrative tasks they perform. When a new malware program is released, most antimalware programs get a signature update within 24 hours.

Most enterprises are running or subscribing to event log message management services (e.

Read More….

advertisement:

The post The #future of #computer #security is #machine vs #machine appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #Future Of #Company #Cybersecurity? #Pentesting, Says #CyberByte

Source: National Cyber Security News

Companies rank cybersecurity as one of their top priorities – yet, when enquired, their respective departments hard-pressed to identify the core steps that need to be taken in order to maintain it at top levels. CyberByte, the preeminent Romanian cybersecurity firm, has recently published an informative article, wherein it maintains that penetration testing – or pentesting- will define the future of company cybersecurity.

The term pentesting refers to “a series of ethical hacking attacks on IT systems”, which are made with the ultimate goal of uncovering system vulnerabilities and potential cybersecurity issues. In addition to helping calculate the chances of a potential cyberattack succeeding, pentesting provides an overview of the efficacy of a company’s cybersecurity measures that are already in place, with its results acting as a guide for further improvements that need to be made in order to bolster existing cybersecurity strategies.

“Pentests are classified according to the information available for each system. The two most commonly used methods of pentesting, the Penetration Testing Execution Standard or PTES, and the OWASP method, are not particularly innovative. The same applies for the Open Source Security Testing Methodology Manual, or OSSTMT, which has now become an industry standard – despite the fact that, much like the aforementioned methods, it represents a very primordial approach to a universal cybersecurity structure,” said Mr.

Read More….

advertisement:

View full post on National Cyber Security Ventures

The most #notorious #hacks in #history, and what they mean for the #future of #cybersecurity

Source: National Cyber Security News

Where has the time gone? February is almost over, and already we’ve seen several major vulnerabilities and hacks this year! As we head further into what’s sure to be another busy year for cybersecurity, it’s important to take a step back and examine how we got here.

For nearly four decades, cyber criminals have been exploiting the latest and greatest technology for fun, profit and power. In that time, the word “hacker” has taken on many meanings. At first, it referred to mischievous young techies looking to build a reputation on the internet, but it has since become a worldwide title for data thieves, malicious online “entrepreneurs” and geopolitical operatives. The threats and tactics that hackers use have evolved, too – from small-time scams to dangerous worms and earth-shaking breaches.

As a result, the security industry has been in game of “cyber cat and mouse” for the better part of a half-century, looking to evolve security technology to thwart the constant evolution in malware and techniques used by sophisticated threat actors.

Let’s take a look back at the past four decades to assess the most notorious hacks in each era, why they mattered, and how the security industry responded.

Read More….

advertisement:

View full post on National Cyber Security Ventures

How #quantum #computing could create #unbreakable #encryption and save the #future of #cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

A new breakthrough in quantum computing may mean quantum key distribution (QKD) is on its way toward being a practical cybersecurity protocol.

Researchers at Duke University, The Ohio State University, and Oak Ridge National Laboratory have announced in the latest issue of Science Advances that they’ve increased the speed of QKD transmission by between five and 10 times the current rates.

Up until this latest breakthrough, which is delivering megabit/second rates, speeds were restricted to between tens to hundreds of kilobits a second.

What is quantum key distribution?

It sounds like something straight out of science fiction, but quantum key distribution is reality, and it could be protecting your data before you know it.

QKD uses photons—particles of light—to encode data in qubits, or quantum bits. The qubits are transmitted to a sender and recipient as an encryption key, and here’s where things get crazy: The transmission channels don’t need to be secure.

QKD’s whole purpose rests on quantum indeterminacy, which states that measuring something affects its original state. In the case of QKD, measuring photonic qubits affects their encoding, which allows the sender and recipient to immediately know if a hacker is trying to crack their quantum encryption key.

That means, theoretically at least, that QKD would be a perfect encryption: Any attempts to crack it would immediately be noticed and keys could be changed.

Making QKD practical for cybersecurity

The breakthrough made by the Duke research team came from being able to pack more data onto a single photon. The trick was learning to adjust the time at which the photon was released, along with adjusting the phase of the photon, causing it to be able to hold two bits of information instead of just one.

What makes the new system developed by the researchers even more amazing is that they were able to do it with nothing but commercially available telecommunication hardware, save the single-photon detector.

“With some engineering,” said Duke graduate student Nurul Taimur Islam, “we could probably fit the entire transmitter and receiver in a box as big as a computer CPU.”

Islam and his research partners say that hardware imperfections render their QKD system less than hack-proof, but their research continues to incorporate hardware shortcomings to make up for them.

“We wanted to identify every experimental flaw in the system, and include these flaws in the theory so that we could ensure our system is secure and there is no potential side-channel attack,” Islam said.

While it’s likely to take some time to emerge from the research phase and become a practical tool, this latest QKD breakthrough gives cybersecurity a leg up on cybercriminals.

As quantum computing becomes accessible, the likelihood of it being used to obliterate current forms of encryption increases, making the development of practical QKD essential. This should come as good news to anyone concerned about the current, and future, state of cybersecurity.

The post How #quantum #computing could create #unbreakable #encryption and save the #future of #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How To Look #Back To The #Future Of #Cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

How To Look #Back To The #Future Of #Cybersecurity

As if to cap off an already eventful National Cybersecurity Awareness Month—and perhaps proving that there is no honor among thieves—a hacker breached a forum for hackers last week, and is ransoming fellow cyber-attackers’ user data for $50,000. And there certainly seems to be plenty of occasions to increase our awareness of cybersecurity issues.

About 1.9 billion data records got exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016—according to a digital security firm’s study. The U.S. Department of Homeland Security issued a warning last week about the Bad Rabbit ransomware, which is disrupting government, hospital and other systems internationally. And cybersecurity researchers confirmed last week that an enormous botnet has already infected more than one million organizations—and is on the verge of unleashing “the next cyber-hurricane.”

It’s crucial that we learn from these attacks. And—just as some are using high-tech for cyberattacks—others are using blockchain, artificial intelligence and other cutting-edge technology to improve cybersecurity.

Blockchain, AI, and IoT to the rescue

With so many cyberattacks targeting centralized services, blockchain’s decentralized technology offers cyber-defenses from many types of attacks, according to PC Magazine last week. Among the benefits are blockchain’s transparency and distributed nature, which eliminate the single failure points that many hackers prey upon. But …

“The best defense [organizations] have is the same thing that makes them such an appealing target for hackers: a mountain of data,” PC Magazine stated in a different story last week. “By using machine learning algorithms and other artificial intelligence techniques to identify data patterns, vulnerable user behaviors and predictive security trends, companies are mining and analyzing the wealth of data at their disposal to hopefully stop the next breach from happening.”

However, networks and Internet of Things sensors will still require cybersecurity technology, VentureBeat stated this month. Unsecured devices can be terrible liabilities, so organizations should earnestly evaluate the opportunities and vulnerabilities offered by AI and IoT—and ensure that all users are well trained.

Build a tech-savvy phalanx

Technical savvy helps employees across the organization better understand their work environment and, as a result, operate more securely, according to SmartBrief last week. This will only get more important, as data analytics is increasingly crucial to business success—and as workflow automation continues to get cheaper.

And making rules isn’t enough. For example, in healthcare, HIPAA regulations require that organizations train their workers to maintain patient privacy—and punish those who violate policies and procedures. But employee security awareness is the top healthcare data security concern for 80 percent of health IT executives, according to a 2017 healthcare security study.

“Build a culture of cybersecurity among your executive and physician leaders,” Theresa Meadows, CHCIO, Senior VP and CIO of Cook Children’s Health Care System, stated last month. “Educate them about the threats, myths and importance of good cyber hygiene … they can champion the cause among their peers and staff and get them to buy into safety processes.”

Of course, cybersecurity cultures don’t sprout up overnight.

Learning our lessons

Chief information security officers face the increasingly difficult job of convincing their c-suites that cybersecurity expenditures are worth the big bucks, according to Government Computer News this month. CISOs can use their organizations wealth of data to frame cybersecurity in terms that managers and executives can understand, such as managing risk, business continuity and regulatory compliance.

In short, it’s about taking a step back and learning lessons from the big picture.

“We are so overwhelmed with present security concerns that we don’t have the ability to look into the future — or we hesitate to second guess what cybercriminals might end up doing,” IT Business Edge stated last week. “It’s up to us to recognize what we’ve seen in the past in order to rethink our security solutions of the future.”

And last week’s hacking of the hackers’ forum—as well as other events from this year’s National Cybersecurity Awareness Month—have given us plenty of source material to learn from.

The post How To Look #Back To The #Future Of #Cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #Future of #Work Hinges on Making #Cybersecurity Everyone’s #Business

Source: National Cyber Security – Produced By Gregory Evans

The #Future of #Work Hinges on Making #Cybersecurity Everyone’s #Business

Conversations about the future of work have to include security. I’ll take that one step further: the future of work very much revolves around the future of security. New ways of working offer exciting opportunities to boost employee productivity, creativity, and engagement, but they can’t come at the expense of security. On the contrary, many of the same practices already shaping the future of work—BYOD, unprecedented mobility, any-network access, employee-centric experiences—can increase risk for data, applications and networks. The attack surface has never been so broad or so inviting—and threats have never been more sophisticated.

At a time when data is both more valuable and more vulnerable than ever, how will we secure the future of work? As a guiding principle, we can’t rely on add-on security technologies and siloed teams. Security must be woven throughout both the IT architecture and the organization to ensure that no matter how or where people work, the organization is protected. At the same time, the measures we rely on can’t be allowed to impair the user’s experience or productivity. Today’s workforce won’t accept arbitrary restrictions or barriers; the same creative spirit that fuels innovation will also lead them to seek consumer-market workarounds.

The key is to make cybersecurity everyone’s business. When employees are fully bought in to security—when they understand its importance and relevance, and they’re empowered to support it without sacrificing their own work, your security team becomes truly organization-wide.

To that end, here are five security best practices for the future of work.
Educate users
This isn’t exactly new—fair enough. User education has been a tenet of cybersecurity since the early days. But that makes it all the more important to reinforce its importance, so that we never overlook it or take it for granted. As people gain the freedom to work anywhere, on any device, knowing how to do so safely must be a top priority.

In the employee-centric modern workplace, it’s also important to consider how this education takes place. It’s not enough simply to recite lists of rules and protocols. Instead, engage in a true dialogue—take the time to understand users’ needs and practices, and then explain your security policies in ways that are accessible and relevant to their daily experience.

Extend the discussion beyond the office environment to encompass every other setting where work takes place. How can you recognize whether a public wifi connection is safe to use? What are the risks around USB sticks? How can employees secure the consumer technologies in their homes, so their kids don’t introduce vulnerabilities into the family WiFi network with a jailbroken phone?

Engage with lines of business
Security doesn’t happen in a vacuum. The most effective policies are grounded in a firm knowledge of operational processes. Meet regularly with business decision-makers to understand the implications of new initiatives. By building rapport and trust, you can gain a seat at the table to make sure that appropriate safeguards are built into each project right from the beginning. You’ll also get crucial perspective into the tools, workflows and practices that enable the group to drive value, helping you design measures that maintain protection and control without getting in the way of business.

Modernize and mobilize your security policies
Mobility increasingly defines IT—in terms of both the mobile devices people use, and the constant movement of people, devices and data from one place to another. As employees use non-corporate devices, networks and storage systems to meet their needs—whether personally owned, third-party or public—your risk profile rises dramatically. At the same time, they usually have valid reasons for doing so. You can’t just say no; you’ve got to find secure ways to accommodate it.

Make sure your security policies reflect the real world—not some antiseptic, locked-down cybersecurity dream (and employee nightmare). Create clear rules and guidelines to help employees stay safe without losing the freedom and flexibility they’ve come to rely on. Specify convenient yet secure alternatives to consumer-grade technologies. Differentiate between scenarios—what’s safe at Starbucks vs. headquarters, what types of work should be saved for a more secure location—and set up your granular access control policies accordingly.

Enforce policies fairly and consistently
Inconsistent enforcement can doom even the best security policy—and can undermine the credibility of any subsequent policy. You put a lot of thought into creating the right rules and procedures for your business; now make sure they’re enforced the same way every time, for every user, with no exceptions. A sense of fairness will promote employee buy-in. After all, it’s not just a matter of meaning what you say—users have to take it to heart and mean it, too. When security becomes part of your culture, the whole organization becomes safer for the long term no matter what the future brings.

Make it seamless—and automatic
The less you have to rely on human intervention, the more reliable security becomes. This can include everything from conditional access controls that show employees only the apps they’re authorized to use in a given scenario, to business data encryption by default on mobile devices. Open-in controls can prevent email attachments from opening in non-corporate apps. Micro-VPN can ensure security over public wifi. Automated logging and reporting can facilitate compliance and audit readiness. There are many opportunities to make security more seamless and transparent for users, and simpler and more efficient for IT to maintain. As the scale and complexity of the enterprise environment continues to grow, steps like these will be critical to stay one step ahead.

The future of work gets a lot of buzz these days, and rightly so—it gets more exciting by the day. With these best practices, you can make sure it’s also growing more secure by the day.

The post The #Future of #Work Hinges on Making #Cybersecurity Everyone’s #Business appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked?

Source: National Cyber Security – Produced By Gregory Evans

A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently. The targets…

The post Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybersecurity channel chiefs and MSSPs look to the future

Source: National Cyber Security – Produced By Gregory Evans

The cybersecurity market is rife with conferences that feature keynote speakers, industry experts, vendor demos, training sessions, hack-a-thons and professional networking. Some of the best events are centered on a narrowly defined topic, an industry vertical, or a niche technology. And with CyberTechnologyXchange (CTX), we have a new venue focused…

The post Cybersecurity channel chiefs and MSSPs look to the future appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

‘Cybersecurity Is Critical To Future Prosperity’

Source: National Cyber Security – Produced By Gregory Evans

“Cybersecurity is critical to our future prosperity and security” as the “evolution of technology has fundamentally changed our security landscape, Minister of National Security Wayne Caines said today. Speaking during the opening of the Cybersecurity Framework Workshop at BUEI, Minister Caines said, “On behalf of the Government of Bermuda, it…

The post ‘Cybersecurity Is Critical To Future Prosperity’ appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures