now browsing by tag


How #quantum #computing could create #unbreakable #encryption and save the #future of #cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

A new breakthrough in quantum computing may mean quantum key distribution (QKD) is on its way toward being a practical cybersecurity protocol.

Researchers at Duke University, The Ohio State University, and Oak Ridge National Laboratory have announced in the latest issue of Science Advances that they’ve increased the speed of QKD transmission by between five and 10 times the current rates.

Up until this latest breakthrough, which is delivering megabit/second rates, speeds were restricted to between tens to hundreds of kilobits a second.

What is quantum key distribution?

It sounds like something straight out of science fiction, but quantum key distribution is reality, and it could be protecting your data before you know it.

QKD uses photons—particles of light—to encode data in qubits, or quantum bits. The qubits are transmitted to a sender and recipient as an encryption key, and here’s where things get crazy: The transmission channels don’t need to be secure.

QKD’s whole purpose rests on quantum indeterminacy, which states that measuring something affects its original state. In the case of QKD, measuring photonic qubits affects their encoding, which allows the sender and recipient to immediately know if a hacker is trying to crack their quantum encryption key.

That means, theoretically at least, that QKD would be a perfect encryption: Any attempts to crack it would immediately be noticed and keys could be changed.

Making QKD practical for cybersecurity

The breakthrough made by the Duke research team came from being able to pack more data onto a single photon. The trick was learning to adjust the time at which the photon was released, along with adjusting the phase of the photon, causing it to be able to hold two bits of information instead of just one.

What makes the new system developed by the researchers even more amazing is that they were able to do it with nothing but commercially available telecommunication hardware, save the single-photon detector.

“With some engineering,” said Duke graduate student Nurul Taimur Islam, “we could probably fit the entire transmitter and receiver in a box as big as a computer CPU.”

Islam and his research partners say that hardware imperfections render their QKD system less than hack-proof, but their research continues to incorporate hardware shortcomings to make up for them.

“We wanted to identify every experimental flaw in the system, and include these flaws in the theory so that we could ensure our system is secure and there is no potential side-channel attack,” Islam said.

While it’s likely to take some time to emerge from the research phase and become a practical tool, this latest QKD breakthrough gives cybersecurity a leg up on cybercriminals.

As quantum computing becomes accessible, the likelihood of it being used to obliterate current forms of encryption increases, making the development of practical QKD essential. This should come as good news to anyone concerned about the current, and future, state of cybersecurity.

The post How #quantum #computing could create #unbreakable #encryption and save the #future of #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How To Look #Back To The #Future Of #Cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

How To Look #Back To The #Future Of #Cybersecurity

As if to cap off an already eventful National Cybersecurity Awareness Month—and perhaps proving that there is no honor among thieves—a hacker breached a forum for hackers last week, and is ransoming fellow cyber-attackers’ user data for $50,000. And there certainly seems to be plenty of occasions to increase our awareness of cybersecurity issues.

About 1.9 billion data records got exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016—according to a digital security firm’s study. The U.S. Department of Homeland Security issued a warning last week about the Bad Rabbit ransomware, which is disrupting government, hospital and other systems internationally. And cybersecurity researchers confirmed last week that an enormous botnet has already infected more than one million organizations—and is on the verge of unleashing “the next cyber-hurricane.”

It’s crucial that we learn from these attacks. And—just as some are using high-tech for cyberattacks—others are using blockchain, artificial intelligence and other cutting-edge technology to improve cybersecurity.

Blockchain, AI, and IoT to the rescue

With so many cyberattacks targeting centralized services, blockchain’s decentralized technology offers cyber-defenses from many types of attacks, according to PC Magazine last week. Among the benefits are blockchain’s transparency and distributed nature, which eliminate the single failure points that many hackers prey upon. But …

“The best defense [organizations] have is the same thing that makes them such an appealing target for hackers: a mountain of data,” PC Magazine stated in a different story last week. “By using machine learning algorithms and other artificial intelligence techniques to identify data patterns, vulnerable user behaviors and predictive security trends, companies are mining and analyzing the wealth of data at their disposal to hopefully stop the next breach from happening.”

However, networks and Internet of Things sensors will still require cybersecurity technology, VentureBeat stated this month. Unsecured devices can be terrible liabilities, so organizations should earnestly evaluate the opportunities and vulnerabilities offered by AI and IoT—and ensure that all users are well trained.

Build a tech-savvy phalanx

Technical savvy helps employees across the organization better understand their work environment and, as a result, operate more securely, according to SmartBrief last week. This will only get more important, as data analytics is increasingly crucial to business success—and as workflow automation continues to get cheaper.

And making rules isn’t enough. For example, in healthcare, HIPAA regulations require that organizations train their workers to maintain patient privacy—and punish those who violate policies and procedures. But employee security awareness is the top healthcare data security concern for 80 percent of health IT executives, according to a 2017 healthcare security study.

“Build a culture of cybersecurity among your executive and physician leaders,” Theresa Meadows, CHCIO, Senior VP and CIO of Cook Children’s Health Care System, stated last month. “Educate them about the threats, myths and importance of good cyber hygiene … they can champion the cause among their peers and staff and get them to buy into safety processes.”

Of course, cybersecurity cultures don’t sprout up overnight.

Learning our lessons

Chief information security officers face the increasingly difficult job of convincing their c-suites that cybersecurity expenditures are worth the big bucks, according to Government Computer News this month. CISOs can use their organizations wealth of data to frame cybersecurity in terms that managers and executives can understand, such as managing risk, business continuity and regulatory compliance.

In short, it’s about taking a step back and learning lessons from the big picture.

“We are so overwhelmed with present security concerns that we don’t have the ability to look into the future — or we hesitate to second guess what cybercriminals might end up doing,” IT Business Edge stated last week. “It’s up to us to recognize what we’ve seen in the past in order to rethink our security solutions of the future.”

And last week’s hacking of the hackers’ forum—as well as other events from this year’s National Cybersecurity Awareness Month—have given us plenty of source material to learn from.

The post How To Look #Back To The #Future Of #Cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #Future of #Work Hinges on Making #Cybersecurity Everyone’s #Business

Source: National Cyber Security – Produced By Gregory Evans

The #Future of #Work Hinges on Making #Cybersecurity Everyone’s #Business

Conversations about the future of work have to include security. I’ll take that one step further: the future of work very much revolves around the future of security. New ways of working offer exciting opportunities to boost employee productivity, creativity, and engagement, but they can’t come at the expense of security. On the contrary, many of the same practices already shaping the future of work—BYOD, unprecedented mobility, any-network access, employee-centric experiences—can increase risk for data, applications and networks. The attack surface has never been so broad or so inviting—and threats have never been more sophisticated.

At a time when data is both more valuable and more vulnerable than ever, how will we secure the future of work? As a guiding principle, we can’t rely on add-on security technologies and siloed teams. Security must be woven throughout both the IT architecture and the organization to ensure that no matter how or where people work, the organization is protected. At the same time, the measures we rely on can’t be allowed to impair the user’s experience or productivity. Today’s workforce won’t accept arbitrary restrictions or barriers; the same creative spirit that fuels innovation will also lead them to seek consumer-market workarounds.

The key is to make cybersecurity everyone’s business. When employees are fully bought in to security—when they understand its importance and relevance, and they’re empowered to support it without sacrificing their own work, your security team becomes truly organization-wide.

To that end, here are five security best practices for the future of work.
Educate users
This isn’t exactly new—fair enough. User education has been a tenet of cybersecurity since the early days. But that makes it all the more important to reinforce its importance, so that we never overlook it or take it for granted. As people gain the freedom to work anywhere, on any device, knowing how to do so safely must be a top priority.

In the employee-centric modern workplace, it’s also important to consider how this education takes place. It’s not enough simply to recite lists of rules and protocols. Instead, engage in a true dialogue—take the time to understand users’ needs and practices, and then explain your security policies in ways that are accessible and relevant to their daily experience.

Extend the discussion beyond the office environment to encompass every other setting where work takes place. How can you recognize whether a public wifi connection is safe to use? What are the risks around USB sticks? How can employees secure the consumer technologies in their homes, so their kids don’t introduce vulnerabilities into the family WiFi network with a jailbroken phone?

Engage with lines of business
Security doesn’t happen in a vacuum. The most effective policies are grounded in a firm knowledge of operational processes. Meet regularly with business decision-makers to understand the implications of new initiatives. By building rapport and trust, you can gain a seat at the table to make sure that appropriate safeguards are built into each project right from the beginning. You’ll also get crucial perspective into the tools, workflows and practices that enable the group to drive value, helping you design measures that maintain protection and control without getting in the way of business.

Modernize and mobilize your security policies
Mobility increasingly defines IT—in terms of both the mobile devices people use, and the constant movement of people, devices and data from one place to another. As employees use non-corporate devices, networks and storage systems to meet their needs—whether personally owned, third-party or public—your risk profile rises dramatically. At the same time, they usually have valid reasons for doing so. You can’t just say no; you’ve got to find secure ways to accommodate it.

Make sure your security policies reflect the real world—not some antiseptic, locked-down cybersecurity dream (and employee nightmare). Create clear rules and guidelines to help employees stay safe without losing the freedom and flexibility they’ve come to rely on. Specify convenient yet secure alternatives to consumer-grade technologies. Differentiate between scenarios—what’s safe at Starbucks vs. headquarters, what types of work should be saved for a more secure location—and set up your granular access control policies accordingly.

Enforce policies fairly and consistently
Inconsistent enforcement can doom even the best security policy—and can undermine the credibility of any subsequent policy. You put a lot of thought into creating the right rules and procedures for your business; now make sure they’re enforced the same way every time, for every user, with no exceptions. A sense of fairness will promote employee buy-in. After all, it’s not just a matter of meaning what you say—users have to take it to heart and mean it, too. When security becomes part of your culture, the whole organization becomes safer for the long term no matter what the future brings.

Make it seamless—and automatic
The less you have to rely on human intervention, the more reliable security becomes. This can include everything from conditional access controls that show employees only the apps they’re authorized to use in a given scenario, to business data encryption by default on mobile devices. Open-in controls can prevent email attachments from opening in non-corporate apps. Micro-VPN can ensure security over public wifi. Automated logging and reporting can facilitate compliance and audit readiness. There are many opportunities to make security more seamless and transparent for users, and simpler and more efficient for IT to maintain. As the scale and complexity of the enterprise environment continues to grow, steps like these will be critical to stay one step ahead.

The future of work gets a lot of buzz these days, and rightly so—it gets more exciting by the day. With these best practices, you can make sure it’s also growing more secure by the day.

The post The #Future of #Work Hinges on Making #Cybersecurity Everyone’s #Business appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked?

Source: National Cyber Security – Produced By Gregory Evans

A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently. The targets…

The post Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybersecurity channel chiefs and MSSPs look to the future

Source: National Cyber Security – Produced By Gregory Evans

The cybersecurity market is rife with conferences that feature keynote speakers, industry experts, vendor demos, training sessions, hack-a-thons and professional networking. Some of the best events are centered on a narrowly defined topic, an industry vertical, or a niche technology. And with CyberTechnologyXchange (CTX), we have a new venue focused…

The post Cybersecurity channel chiefs and MSSPs look to the future appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

‘Cybersecurity Is Critical To Future Prosperity’

Source: National Cyber Security – Produced By Gregory Evans

“Cybersecurity is critical to our future prosperity and security” as the “evolution of technology has fundamentally changed our security landscape, Minister of National Security Wayne Caines said today. Speaking during the opening of the Cybersecurity Framework Workshop at BUEI, Minister Caines said, “On behalf of the Government of Bermuda, it…

The post ‘Cybersecurity Is Critical To Future Prosperity’ appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hack to the future: HopHacks challenges students to solve problems using technology

Source: National Cyber Security – Produced By Gregory Evans

In rooms around Hodson Hall on Saturday night, clusters of students tapped away at their laptops amid a scattering of snack bags, soda cans, book bags, and belongings. Some took time out from their teamwork to study for a test. A few napped using balled up sweatshirts as pillows. It…

The post Hack to the future: HopHacks challenges students to solve problems using technology appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Future trends for cyber security

Source: National Cyber Security – Produced By Gregory Evans

Cyber security strategy is now a key issue for any enterprise. Ransomware attacks continue to evolve more sophisticated ways to get onto corporate networks. Crypto currencies have enabled cyber crime to become a profitable way to make money directly from malware. Attackers no longer need any technical knowledge – ransomware…

The post Future trends for cyber security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber security in an interconnected future

Source: National Cyber Security – Produced By Gregory Evans

Cyber security in an interconnected future

The “WannaCry” virus hit computers in at least 150 countries around the world last week, including Russia, the Ukraine and Taiwan. Some called it the beginning of a new era – an era in which hackers have become experts at finding weak spots in our online security. There was also a kind of dawning realisation of how vulnerable organisations all …

The post Cyber security in an interconnected future appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Young Hackers: The Cybersecurity superstars of the future?

Source: National Cyber Security – Produced By Gregory Evans

Young Hackers: The Cybersecurity superstars of the future?

The National Crime Agency (NCA) recently published a report that revealed the average age of a UK hacker is only 17 years old. The alarming investigation found that most youngsters fall into hacking after discovering a passion for the digital world, usually through the gateway of games consoles. By the tender age or 13 or 14, these digital delinquents have developed the capability to begin utilising their gaming devices and digital expertise for hacking. Among the most common types of crime were developing and selling hacking toolkits, blackmailing companies and breaking into online accounts.

This incredible ability coming at such a young age should come as no surprise to the general public. Digital technology has been on the rise for decades and we now have generations of youngsters who have grown up surrounded by technology and use it extensively in their day to day lives – meaning that they develop high literacy in technological skills at a very young age. This is particularly true of British teenagers, who spend more time online than most other teenagers around the world. Given that the same survey revealed they also rank quite highly in terms of dissatisfaction with life, it seems unsurprising that they are venting their frustrations within the world they understand the most: the online one.

Although these findings may at first seem irrelevant for businesses, they are extremely important in terms of understanding cybersecurity risks. The NCA investigation found that many of these teen hackers are mostly motivated by “building a reputation” as an excellent hacker and pursue their game on the basis of how challenging the target will be, rather than how much money they could gain for a potential hack. Much like the more traditional morality-lead hackers who outed adulterers by stealing and publicising user information from the website Ashley Madison, these young people are interested in what they can gain on a reputational and skills-based level instead of what they can actually gain from the data breaches themselves.

This means that the better an organisation’s level of cybersecurity is, or the higher the profile of their brand, the more appealing they become to young hackers who want to gain a “name” for themselves in the shadowy world of cybercrime and hacking. Although interestingly, given the lack of concern they have in the intrinsic value of what is being hacked, any system of any organisation can become a target, rather than just those on the frontline of protecting core assets. Furthermore, the rate at which these young hackers are exchanging intelligence and developing new tools vastly outweighs the rate at which most companies are updating and monitoring their cybersecurity tools. Thus, a two pronged risk is revealed: the risk of turning your organisation into a target by protecting it properly and that of being outnumbered by the sheer scale of hackers who collaborate to develop exploitations and share vulnerabilities.

However, it isn’t all doom and gloom. Whilst the NCA research is largely acting as a warning for companies to tighten their security measures and remember to update them frequently, it also comes as an opportunity to act. Today’s hackers could well be tomorrow’s cybersecurity employees and targeting youngsters with an organic interest in computer technology, as well as a known expertise in the world of hacking, could be the secret to finding and recruiting more cybersecurity experts. This way firms can start to actively combat threats to data protection by utilising insider knowledge and up-and-coming youngsters with an extensive depth of digital literacy and real-life experience, who could ironically be the ones to help make an organisations more secure.

This would not come without a risk. It would be hard to place faith in new recruits who have a known history of data breaches and hacking – as they largely view hacking as a casual act, or a bit of fun which is not to be taken seriously. However, with the right approach and training, organisations could be looking at the opportunity of a lifetime: utilising the future stars of the tech world to protect themselves from threats that they perhaps do not yet understand themselves.


The post Young Hackers: The Cybersecurity superstars of the future? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures