now browsing by tag
Share Tweet Share Share Share Email If 2020 was the year of streaming media, of content done a million different ways, of apps and Apple, and Google’s and Amazon’s algorithms … it was also the year of Big Tech regulation, where 2020 set the stage for a 2021 that could be seismic in changing the […] View full post on National Cyber Security
Learning Questions Posed As Tech Companies Connect Students Through Covid | #teacher | #children | #kids | #parenting | #parenting | #kids
Technology Private technology companies are rolling out free initiatives for students as Covid-19 highlights the importance of connectivity. Laura Walters takes a look at the opportunities for tech companies and what […] View full post on National Cyber Security
The rise of assistive devices: How tech is helping people with special needs | #specialneeds | #kids | #parenting | #parenting | #kids
Written by Anuj Bhatia| New Delhi |Updated: November 23, 2020 12:56:09 pm Xbox Adaptive Controller is specifically designed for gamers with disabilities. (Image credit: Xbox)With over a billion people (about […]
View full post on National Cyber Security
WHETHER YOU wanted to fit in or stand out in high school—be the influenced or the influencer—adhering to social norms was key to navigating and surviving the experience. The same […] View full post on National Cyber Security
#minorsextrafficking | Ron Wyden, Section 230, and the fight to hold Big Tech accountable | #parenting | #parenting | #kids
Sen. Ron Wyden is ready to send the CEO of Facebook to prison, and he has the bill to do it. “When Mark Zuckerberg tells a whopper to the federal […] View full post on National Cyber Security
Kenya is set to become a major recipient of foreign direct investments in cloud computing.
This is as international investors rush to fund a data centre boom spawned by the proliferation of smartphones, mass adoption of business software and 5G.
Huawei, Microsoft and Amazon Web Services are some of the international players currently enticing small businesses with free data storage in preparation for a looming expansion in data fanned by 5G networks and fibre optic cables.
“So there’s a big opportunity there, as more people begin to use cloud services instead of having their own data servers. These are going to become more valuable,” said Xalam Analytics in their latest report on Africa data centre boom.
Another incentive for the localisation of data storage is that it improves internet speeds since users no longer have to fetch data from the other side of the world.
It is also being driven by clamours by government officials to have local data hosted domestically for national security purposes.
Banks such as Absa Kenya are making investments in machine learning and artificial intelligence tools to improve customer experience and credit risk. New “digital banks” such as Tala, Branch, Zenka are cloud-based.
Since cybersecurity is not an expert capability field for banks, continuous upgrading and development of data centres have been expensive.
Saccos have not been left behind either, as most of them are running on software that allows customers to access their services on the phone.
They also need to store this data somewhere given that in-house data centres are too costly for them. Governments are using cloud and virtualised infrastructure to enhance public service delivery.
Large retail firms also use computer capabilities such as Amazon Web Services databases to transform how they reach a predominantly mobile and digital customer base. Corporates whose expertise is not data storage are slowly giving up their small in-house data centres to major players – helping to drive demand while scores of cloud-native startups are leveraging the cloud to disrupt entire industry sectors.
“The fast-rising requirements of cloud-based technology businesses and their customers, as well as the search for the smallest possible delays in transaction times, has seen businesses seek alternative cloud options,” said the managing director, Carrier Services Division at Telkom Kenya Kebaso Mokogi.
The Kenyan market is currently served by Safaricom, Liquid Telecom, MTN business and other regional players who are set to face competition from the deep-pocketed multinationals who are able to outprice them.
However, Kenya alone does not have the market to attract such high profile investments but is acting as a Launchpad for regional business. It is, however, one of the most active in internet and tech-driven business hubs alongside South Africa and Nigeria.
Africa currently accounts for less than one per cent of total available global data centre capacity, according to data from Xalam Analytics, despite the continent being home to about 17 per cent of the world’s population.
However, its capacity has doubled in the past three years.
Xalam Analytics says the key players in Africa – South Africa, Kenya and Nigeria are set to see investments from multiple investors among them Warren Buffet backed Berkshire Partners and London-based private equity firm Actis, which is injecting Sh25 billion into African data centres over the next three years.
Actis is the investor behind Garden City Mall in Nairobi.
“If you look at the trends around data, its consumption, and cloud migration globally — those trends have played out in many markets and have led to significant growth of the data centre sector,” said Kabir Chal, director at Actis.
“Africa is no different: you see digitisation, the inexorable migration to cloud, and really the advent of big data but, as a consequence, the supply of data hasn’t kept up.”
For data-storage companies operating in Africa, a big hurdle is the continent’s lack of infrastructure, which complicates an already capital-intensive, power-hungry business.
Kenya’s power supply remains low at less than 2,000MW compared to South Africa’s 40,000MW. The two have nearly equal population size.
Companies must often rely on large-scale generators running on costly diesel and petrol to provide electricity, while slow internet speeds, high data costs and a lack of fibre networks constrain their operations.
Nevertheless, the Actis investment is part of a broader trend of international players looking to become involved in the data centre sector in sub-Saharan Africa — where the total data centre capacity equals about a quarter of London’s or half of Frankfurt’s, according to Xalam Analytics.
Microsoft also launched its first African cloud data centres last year, which is a key growth market alongside Nigeria, Kenya and Ghana.
It already accounts for roughly half of Africa’s data centre capacity. Meanwhile, Amazon Web Services plans to open a cluster of data centres in the coming months — the company’s first foray on the continent.
Do not miss out on the latest news. Join the Standard Digital Telegram channel HERE.
Xalam AnalyticsSafaricomGarden City MallMicrosoftHuawei
The post #deepweb | <p> Kenya’s data storage boom entices global tech giants : The Standard <p> appeared first on National Cyber Security.
View full post on National Cyber Security
biometrics, machine learning, privacy and being a woman in tech – Naked Security Podcast – Naked Security
To celebrate International Women’s Day we invite you to this all-female splinter episode. We discuss privacy, biometrics, machine learning, social media, getting into cybersecurity and, of course, what it’s like to be a woman in tech.
Host Anna Brading is joined by Sophos experts Hillary Sanders, Michelle Farenci and Alice Duckett.
View full post on National Cyber Security
#cybersecurity | #hackerspace | NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers
When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.
Related:Promise vs. pitfalls of IoT
For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incidence response and disaster recovery planning, as well
Meanwhile, large enterprises pour tens of billions of dollars annually into next-gen firewalls, EDR, DLP and IDS technologies, each system generating a fire-hose of threat feeds, with all of this threat intel flooding, hour-by-hour, into SIEMs, UEBAs and other analytics platforms.
And yet, after a couple of decades of piling up layer upon layer of defenses, catastrophic breaches persist — they’re occurring as often as ever, and causing more harm than ever. Threat actors simply seek out the endless fresh attack vectors arising as an unintended consequence of digital transformation. In short, layered defenses have turned out to be cheesecloth.
Acknowledging this, a few cybersecurity innovators are taking a different tack. Instead of offering up more layers of defense, they’ve slipped on the shoes of the attackers and taken an offensive approach to defending IT assets. One of the most single-minded of these security vendors is startup CyCognito.
The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. Gurzeev and Potekhin set out to mirror the perspective of threat actors — and then help companies tactically leverage this attackers’ view to shore up their porous networks.
“The attackers need only to find a single blind spot to gain entry – it’s like singling out the weakest zebra in the herd,” says Gurzeev, CyCognito’s CEO. “Defenders, meanwhile, have to guard everything all of the time, and most organizations have many more Internet pathways than they even know about, much less are taking steps to defend.”
CyCognito’s employment of a bot network is what struck me most after I sat down with the team and learned in more detail what they’re up to. They’re not just borrowing a few pages from the attackers’ handbook; they’re actually utilizing the bad guys’ core tool – botnets They’ve set out to boldly redirect botnet-power towards helping, instead of exploiting, the good guys.
I first wrote about criminal botnets at USA TODAY in 2004. Botnets at the time were just emerging; they’ve since become entrenched as the engine that drives all of cybercrime. A bot is a computing nodule that strictly obeys instructions from a command and control server. A criminal botnet is a network of bots under control of an individual attacker.
Botnets are the nimble infrastructure that enables criminals to blast out massive ransomware and denial of service attacks and also to execute intricate advanced persistent threat (APT) hacks that play out over months and go very deep. Bots traditionally have arisen from compromised, or “pwned,” computing devices. Today bots are more often spun up as virtual instances of computing devices. Bad actors are spinning up these virtual bots by the million, utilizing computing resources sold, no questions asked, by the major cloud service providers, Amazon Web Services, Microsoft Azure and Google Cloud .
By contrast, CyCognito’s 60,000 nodule-strong bot network is comprised of computing instances distributed globally with the expressed intent to help enterprises protect themselves. Bots do what they’re told. CyCognito’s bot network actively crawls the Internet identifying and mapping all exposed IP assets, fingerprinting each asset. This is essentially identical to the ground-level crawling and probing reconnaissance tasks that criminal botnets perform every day.
Upon finding an exposed IT asset, say a web server or a gateway router, CyCognito can pinpoint the IP address, confirm what type of asset it is and check whether the asset has any open ports; it can even ferret out snippets of coding or text, such as a copyright, that indicates more granularly what specific functions the asset performs, who the asset belongs to and what other assets it communicates with.
CyCognito’s bots feed this ground-level intelligence back to an analytics platform, which makes correlations and may ask for more information. This results in an assessment of the business context surrounding each asset. “We’re building a live picture of what’s out there, not specifically looking for problems, at that stage,” explains Raphael Reich, CyCognito’s vice president of product marketing. “We’re collecting information to build associations between assets that other solutions miss: assets in the cloud, in subsidiaries, in third-party networks.”
Another thing about bots, they do what they’re told — for as long as they’re told to do it. Over the past couple of years, CyCognito’s botnet has surveilled and fingerprinted some 3.5 billion Internet-exposed IT assets, resulting in rich data sets that are fed into the company’s analytics. CyCognito has been able to map details of specific assets to thousands of organizations in much the way a criminal ring would do, which allows it to understand attackers’ easiest pathways i
Last November, the company released findings from an analysis it conducted to identify what it calls “shadow risk” – exposures that, for whatever reasons, enterprise IT and security teams are often blind to. Shadow risk creates attack vectors that are externally exposed to anyone with the skill and desire to go find them. The data reveals that a stunning percentage of organizations have a significant number of security blind spots, most often stemming from third-party and cloud interconnectivity. For instance, CyCognito’s research found:
•Organizations are unaware of as much as 75% of their attack surface.
•Some 82% of these hidden assets impact the organization’s cybersecurity posture and are managed by their cloud providers, partners or subsidiaries.
•Some 87% of organizations have critical exposures that are visible to attackers at a given point in time.
These findings are not at all surprising. Quite the opposite, they ring very true. Companies never found a way to stop intruders from breaching and plundering with impunity, even when all they had to defend were on-premises IT systems. Today we’re in the throes of digital transformation. Agility, speed, and modular transactions happen on the fly and in the cloud. This sets up a much more complex security challenge than setting up trip-wire alarms around an on-prem data center.
“Most organizations have expanded and broadly diversified their IT resources on-premises and in the cloud, making continuous monitoring and timely mitigation extremely challenging,” observes Potekhin, CyCognito’s CTO. “The inspiration for the CyCognito platform was the realization that the explosive growth in the numbers of threat actors and the sophistication of their tools has leapfrogged the capabilities of legacy security solutions and most of today’s enterprises, even those who are highly security-aware.”
What CyCognito has set out to do is outflank attackers and one of the results is a high-definition snapshot of the threat landscape, on any given day. That’s a major step forward. I hope they are able to trigger a new era of advances in the overall field of attack surface monitoring.
Meanwhile, as you might expect, the company has also designed its botnet and analytics platform to be available for hire — to drill down on individual companies’ IT assets. This can help companies identify and address open attack vectors — before the bad guys can get to them. “We looked to create a new class of solution to beat the attackers at their own game,” Gurzeev says. “It’s heartening that from Day One on our platform, customers are finding, assessing and closing open pathways.”
I expect layered defenses will continue to have a place, moving forward. But it’s going to be fascinating to see how adding a bit of offensive punch to defending networks catches on, and how much of a difference offensive security solutions will make, overall. I’ll keep watching.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/new-tech-cycognito-deploys-offensive-bot-network-to-put-companies-a-step-a-head-of-attackers/
View full post on National Cyber Security
#deepweb | Google’s New Messaging App To Unify Gmail, Drive, And Hangouts…And Other Small Business Tech News
Source: National Cyber Security – Produced By Gregory Evans KRAKOW, POLAND – 2019/01/23: In this photo illustration, the Google Hangouts logo is seen displayed … [+] on an Android mobile phone. (Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images) LightRocket via Getty Images Here are five things in technology that happened this past week […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing […] View full post on AmIHackerProof.com