Security Articles

How to Ensure Cyber Resilience: 7 Measures to Check Organization's Cyber Defense

Information technology has undergone a paradigm shift: businesses today are not just concerned with profits and market share, but must also ensure the security of their information, which is their most important as well as most vulnerable asset. The buzzword of recent times is no longer information security but cybersecurity. On a daily basis, major corporations are more worried about data breaches and compromised networks than anything else. The challenge is not just how to prevent cyber-attacks, but how to be resilient enough in the wake of a breach to ensure the least possible data loss, steady business operations and, most importantly, customers' trust. The only way to do this is for the business to have preventative controls, to periodically and proactively monitor its end-to-end operations, and to be more predictive in order to be more prepared.

Evolving Cyber Security Strategy and Practices

In the last decade, technology has played a vital role in organizations' endeavors to innovate, improve and transform. Technology has become ubiquitous across most of an organization's functions, from strategic decision making to normal operations, and has thus helped in achieving competitive advantage.

However, high reliance on technology has also brought the risk of major disruption to business activities, with the potential to severely impact the organization's ability to serve its customers, along with possible revenue loss and damage to the brand. In addition, its misuse can even put a person's safety at stake.

The rising number of cyber-attacks and the nature of those attacks clearly suggest that the risk is real. The cyber security community has continuously evolved to protect the organization's interests and take the attackers head on.

An Intro To Denial of Service (DOS) Attacks & Countermeasures

Denial of Service

Denial of service (DoS) attacks have become a major threat to current computer networks and organizations, as they disrupt services and impose huge revenue losses. To give a better understanding of DoS attacks, this article provides an overview of DoS/DDoS attacks, their symptoms, techniques, prevention tools and, finally, some general countermeasures to defend against DoS attacks.

What is a Denial of Service Attack?

A denial-of-service (DoS) attack is an attack performed on a networking structure to disable a server from serving its clients. The actual intent and impact of DoS attacks are to prevent or impair the legitimate use of a computer or network resources. Moreover, DoS attacks target the network bandwidth or connectivity.

Data Breaches and Legal Action

An alleged breach, apparently exploiting a scheme that allowed Aadhaar agents to rectify errors in user information such as outdated addresses or the inaccurate spelling of a person's name, has recently caused much debate about the safety of Aadhaar (Unique Identification) data. The discussion gained wide public notice with the news of the registration of an FIR by Delhi Police against the reporter of ‘The Tribune’. The tweet by Edward Snowden had a spiraling effect on the publicity, which brought international attention to the alleged Aadhaar data leakage.

Is Amazon Web Service (AWS) Cloud Supports Best Cost Effective & High Performance Modern Disaster Recovery?

Disaster recovery (DR) is about preparing for and recovering from a disaster. Any event that has a negative impact on a company’s business continuity or finances could be termed a disaster. This includes hardware or software failure, a network outage, a power outage, physical damage to a building like fire or flooding, human error, or some other significant event. To minimize the impact of a disaster, companies invest time and resources to plan and prepare, to train employees, and to document and update processes. The amount of investment for DR planning for a particular system can vary dramatically depending on the cost of a potential outage. Companies that have traditional physical environments typically must duplicate their infrastructure to ensure the availability of spare capacity in the event of a disaster. The infrastructure needs to be procured, installed, and maintained so that it is ready to support the anticipated capacity requirements.

WPA2 Security Enhancement and Movement towards WPA3

The Wi-Fi Alliance, the organization which sets the standards for Wi-Fi safety, recently announced at CES 2018 (Consumer Electronics Show, Las Vegas, USA) its new and secure Wi-Fi Protected Access (WPA3) security protocol.

Right now millions of wireless devices are running the WPA2 protocol; however, it is now considered an insecure protocol for its unencrypted network, especially at public Wi-Fi hotspots. Public Wi-Fi is mostly targeted by hackers for stealing information. After the KRACK vulnerability (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-1308) it was revealed that an attacker can possibly intercept the WPA2 wireless traffic between a user’s devices and the wireless access point.

What does the GDPR mean for Identity Governance?

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

EU GDPR has a very wide scope, affecting every data controller (the one who “controls” the PII) and data processor (the one who “processes” the PII) dealing with data subjects (the persons) residing in the EU – even when the data processors and data controllers are outside of the EU.

An Identity Governance solution can help an organization become GDPR compliant and also be better positioned to mitigate the risks of a data breach.

The key elements of identity governance play key roles in identifying personal data and showing proof of GDPR compliance –

Data Security: It's time to take it seriously!

Data security is vital for securing personal and sensitive data. Increased data movement and storage of data over multiple channels and devices have helped organizations grow their business; however, this adds huge risks and threats to securing data from attacks. In addition, numerous regulatory and compliance bodies mandate standards to secure personal and sensitive data. Organizations must comply with the standards on securing data to avoid penalties and charges.

Bring Your Own Identity(BYOI): The Next Big Thing

Bring-Your-Own-Identity (henceforth “BYOI”) is one of the emerging trends among organizations that are in the process of streamlining their IT governance solutions to make them more flexible and mobile in nature. BYOI addresses the problem of registering and remembering multiple credentials for different applications and suggests adopting and leveraging open industry standards by integrating with social networking sites (e.g. Facebook, Google, Yahoo etc.).

BlueBorne Attack: All You Need To Know

Over the years our reliance on software and machines has grown exponentially. Our activities and data are scattered everywhere over the internet. They serve as a medium for people with malicious intent to gain access to our internal systems, thereby disrupting services, demanding ransoms and destroying our data. Today the world is plagued with a series of cyber-attacks, from ransomware to DDoS, phishing to Trojans, and many more. With security measures being enforced to safeguard us from these adversaries, the hackers are also growing smarter and coming up with different attack vectors and stealthy ways to bypass these restrictions and achieve their goals. One such recent attack is the BlueBorne attack.
