Browsed by
Month: August 2016

Two-Factor Authentication Can Turn out to be good in Security

With an alarming rise in cyber attacks in the past decades, it has become necessary to implement new methods of security. Cyber criminals have become advanced in their methods of breaching security; they are evolving every day and becoming stronger at hacking. Nowadays single passwords are unable to hold against them any longer. Many reputed companies have lost valuable customers’ trust and suffered huge financial losses. Today, almost everything is linked to the internet, every business and every official task. And the internet is a storehouse of myriad opportunities for hacking and digital data theft due to loopholes in weak security frameworks.

Hence the need for a better, stronger and more advanced security method arises. Multi-factor authentication is one of the most effective remedies for current-day hacking risks. Two-factor authentication has been in the market for a while and is gaining popularity as an impeccable security measure against hacking. Recently Sony, one of the biggest gaming companies, announced implementation of two-factor authentication in its PlayStation Network. Two-factor authentication is the emerging trend in the cyber security domain.

Benefits of Two-factor Authentication in Cyber Security

As an antidote to cyber hacking, two-factor authentication is immediately effective due to its two-step authorisation for the user’s account login. Single passwords are too outdated to withstand hacking risks. Cracking passwords becomes easier for hackers because people use the same password again and again for various accounts. But a two-step login makes it complex for cyber criminals. Here are some of the features and benefits of two-factor authentication:

  • The two-factor authentication method implements two steps in the login process. It requires a token device along with the account password.
  • The main benefit of two-factor authentication is that it avoids the password compromise that happens in the usual method of hacking. This is due to the introduction of the physical token device, which works as a verification tool alongside the password. Hackers can’t access the account even if they have the password, because they don’t have the token device owned by the user, making it virtually impossible for hackers to breach someone’s account.
  • Face recognition is one of the most effective biometric security measures when coupled with the password. Combining the two makes it next to impossible for a cyber criminal to hack into someone’s account or database. In face recognition, a computer-based application uses a video frame or camera to identify or verify a person against a digital image from the video source.
  • Other two-factor authentication methods can integrate fingerprint scanners, iris scanners and voice recognition to add an extra protective layer to cyber security. These methods are becoming more popular with every act of cyber crime and are by far the best measures against online security breaches by hackers.

Hence, two-factor authentication is surely becoming an effective method when it comes to cyber security, and it is a significant upgrade from single password protection. It needs to be implemented on a large scale.

Context Authentication- A Move Beyond Two Factor Authentication

Context-based authentication is popularly known as risk-based or adaptive authentication. With adaptive authentication, rules can be created within an organisation for pre-authentication, or for how authentication must proceed based on the context. As two-factor authentication is evolving continuously, context authentication can be said to be one of the stepping stones in this evolution. Context authentication is a superset of two-factor authentication: if the risk-based check finds anything suspicious anywhere in the process, two-factor authentication is then applied.

How does context authentication work?

Context authentication includes device registration and fingerprinting, a two-step process in which the endpoints are registered first and, on successful authentication, validated against the stored device fingerprint. The device fingerprint may include characteristics of the endpoint such as web browser configuration, device IP address, browser plug-ins, installed fonts, browser cookie settings and so on. This kind of authentication is widely used for end-to-end user access to online government services and has been successful in reducing the number of frauds.

What are the techniques used?

The techniques used in context authentication are source IP reputation data, geo-location, geo-velocity, device authentication, behavioural analysis and identity store look-up. Some or all of these can be used to provide a promising solution.

Source IP Reputation Data: Is the IP address requesting the data originating from a known botnet, Tor network or nation state?

Device Authentication: Has the device been used before? If not, initiate the device registration process.

Geo Location & Geo Velocity: Is the user logging in from a previously known location, or is the user at a new location?

Identity Store Lookup: What level of authentication is allowed to the user? Is it the admin account?

Behavioural Analysis: The way the user interacts with the device (such as keystroke dynamics, mouse movements, etc.). If the behaviour during authentication is beyond the usual behaviour, the request can be denied.

Layering these solutions lets an organisation decide which users are allowed, denied or stepped up to two-factor authentication. For example, if geo-location and source IP reputation data raise suspicion about the user’s authentication, then instead of denying the request the organisation can make the user perform two-factor authentication.
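
The layered decision described above, sketched as an added example (not code from the original post). The weights, thresholds, addresses, account names and function names are all assumptions made for illustration; behavioural analysis is left out, and the geo + IP case is scored so that it steps up rather than denies, as in the paragraph above.

```python
import hashlib
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Constructed sample data. A real deployment would query a reputation feed,
# a device registry and the identity store instead of these in-memory sets.
BAD_IPS = {"203.0.113.7"}          # documentation-range address
KNOWN_DEVICES = {}                 # user -> set of registered fingerprints
ADMINS = {"ops-admin"}             # hypothetical privileged account
WEIGHTS = {"ip_reputation": 3, "geo_velocity": 3, "new_device": 2, "privileged": 1}
DENY_AT = 8                        # assumed score at which the request is denied
MAX_KMH = 900.0                    # assumed travel ceiling, about airliner speed

@dataclass
class Login:
    user: str
    ip: str
    device: tuple                  # e.g. (user agent, fonts, plug-ins)
    lat: float
    lon: float
    ts: float                      # epoch seconds

def fingerprint(attrs):
    """Hash the endpoint characteristics into a stable device fingerprint."""
    return hashlib.sha256("\x1f".join(attrs).encode()).hexdigest()

def register_device(user, attrs):
    KNOWN_DEVICES.setdefault(user, set()).add(fingerprint(attrs))

def km_between(a, b):
    """Great-circle distance (haversine) between two logins, in km."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def decide(login, previous=None):
    """Return (decision, reasons); decision is allow, step_up or deny."""
    reasons = []
    if login.ip in BAD_IPS:
        reasons.append("ip_reputation")
    if fingerprint(login.device) not in KNOWN_DEVICES.get(login.user, set()):
        reasons.append("new_device")
    if previous is not None:       # geo-velocity needs an earlier login
        hours = max((login.ts - previous.ts) / 3600.0, 1 / 3600.0)
        if km_between(previous, login) / hours > MAX_KMH:
            reasons.append("geo_velocity")
    if login.user in ADMINS:
        reasons.append("privileged")
    score = sum(WEIGHTS[r] for r in reasons)
    if score == 0:
        return "allow", reasons
    return ("deny" if score >= DENY_AT else "step_up"), reasons
```

Returning the reasons alongside the decision lets the same signals be logged for later review of why a login was stepped up or denied.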

Therefore context authentication provides a risk-based solution and can help design the security solution according to the needs of the organisation. In the light of context authentication, two-factor authentication need only be used for users whose risk factor is found to be higher. Attackers will continue probing the boundaries of your organisation, but context-based authentication will help keep them from intruding on the privacy of your organisation.

Does your Business Need Insurance for Cyber Security Breach?

In recent years there have been many reports of cyber attacks of differing magnitudes. Many businesses have suffered huge losses due to these attacks. Several prestigious firms have suffered a significant loss in consumer loyalty, had their reputation stained, and subsequently faced huge financial losses in the fallout. A recent incident has been the data breach of Sony’s PlayStation Network. This is one of the biggest data breaches in computer history and has cost Sony millions of dollars plus the loss of consumers’ trust. And hackers are always devising new methods to breach confidential data. They always stay steps ahead of the competition.

Though many cyber security methods are employed to ward off such attacks, attackers always find a way to breach the data. In such a scenario, the need for insurance against such attacks arises. Cyber security breach insurance has been in the market for a while and is gaining popularity with every passing hour. The losses incurred through cyber attacks can make any business shudder and instil fear. Cyber security breach insurance is the only remedy for your business in this ever-evolving world of hacking attacks. It is better to be safe than sorry.

Benefits of Insurance for Cyber Security Breach of Data

In today’s world almost everything requires insurance, be it tangible or abstract. Everything is prone to theft and tampering. In all probability this holds true for the cyber world too. Thus there definitely is a need for insurance against cyber security data breaches. Here are some of the benefits of insurance for cyber security breach:

  • All businesses based on cyber networks run a risk of data breach. The data kept by such businesses about customer credentials, like credit card details, bank account numbers, etc., is all vulnerable to hacking. This exposes them to liability claims, hence the need for insurance to protect the business against such risks.
  • In case of a cyber security breach, insurance can safeguard the company against many losses. It can help mitigate the risks of civil litigation and other legal penalties in case of a data breach.
  • Most of the time, cyber security insurance covers only the tangible losses. Losses related to a data breach such as reputational damage and loss of customer loyalty are not covered by the insurance. Thus having a proper insurance policy that covers the losses in a more encompassing way can lift the continual fear of cyber attacks.
  • Many insurance companies provide professional support for companies exposed to financial liability in possible and probable cases of a data breach. They analyse the odds of a cyber attack and help the company prepare for a breach by ensuring that proper security measures are implemented before the attack takes place. These companies also help in choosing the best course of action in response to an attack, to protect the impacted customers and the business’s reputation.
  • Cyber security insurance covers costs like legal liability, alerting customers, crisis management, consumer identity monitoring, defence costs, and costs of regulatory action. Companies can choose the coverage based on their needs.
  • Thus, insurance for cyber security breach of data is as important as a new and advanced security framework. This kind of insurance helps in bouncing back to your status and brand value whenever any cyber attack happens. It’s the safest way to restore the public’s confidence in your services.

    Securing the Big Data

    Big Data refers to the enormous amount of digital data generated by companies, government and our surroundings. It is said that 90% of the data in the world today has been created in the last two years. With new technologies coming in, security is the biggest issue. Big data results in big security threats: with the use of large-scale cloud infrastructures, different software platforms spread across a large network of computers widen the scope of attack to the entire system. The security challenges faced by Big Data belong to areas such as the data itself, the infrastructure and the technology.

    What are the Big Data specific security challenges?

    Big data faces security and privacy challenges which can cause huge damage to data, monetary loss and reputational loss. Some of the major Big Data security concerns are security for non-relational data stores, end-point input filtering, securing data storage and transaction logs, real-time security, securing computations in distributed environment frameworks, granular audits, granular access control, data provenance and secure communication. Many businesses wish to use Big Data, but security remains a major concern considering all the factors mentioned above. With the increased use of web, mobile and cloud applications, sensitive data is becoming widely accessible from different platforms, making it highly vulnerable to hacking.

    Some of the other security challenges include security for automated data transfer (when an organization receives a large amount of data, it must be validated to check whether it originates from a trusted source); access control encryption and connection mechanisms; security at organizations to define access control at various levels; and securely tracking and monitoring the consistency of data.

    How can Big Data be made secure?

    Big Data is here to stay. Therefore securing it is the biggest concern faced by all organisations. Big Data can be secured by focussing more on application security than on device security. This can be done by implementing two-factor authentication, which secures the application by providing a one-touch notification or a secure code to the user. Devices and servers containing critical data must be isolated, and tools to monitor real-time security events must be implemented. Many organizations move from relational databases to NoSQL as NoSQL is more secure. For data in transit, SSL encryption must be applied to the connection between client and server so that only trusted sources can access the encrypted information. Therefore, as computing environments become cheaper and networks become larger, cloud security and access control introduce new challenges, so standardized and systematic security mechanisms must be used.

    No one is immune to hacking: The Latest on Cyber Attacks

    Today we live under the sky of technology; we breathe and sleep in a digital environment. Almost everything that we do involves technology. Technology has become ubiquitous in human life; there is hardly any aspect left where technology is absent. The internet has been one of the biggest inventions in human history. The internet has its reach everywhere, and it has made things far easier for us. Things which took days to be done now take only a few moments. But there is always a dark side to everything. With the internet also comes the dreadful world of cyber attacks. Nowadays, people spend a really significant portion of their day on the internet; recent research reports have shown that many people go online almost constantly.

    Spending almost every other moment on the internet without precautionary measures makes you vulnerable to some serious cyber attacks. It’s obvious that people can employ security measures like monitoring, being up to date on scams and using antivirus. But hackers keep evolving all the time; they devise new and more destructive ways to attack your data. Their methods keep changing constantly. Hence there is a need to regularly update and improve our combat plans against such attacks.

    Types of cyber attacks

    Hackers have a multitude of ways to attack your personal data. They act as today’s con men: they work by manipulating users into giving them their personal information. Hackers use different tools and methods to do this. Online portals and phishing mails are some of the most common ways to perform such attacks. Here is a list of some of the most prevalent methods of cyber attack:

    • Malware: This is one of the most used and reliable methods for hackers. People usually download a number of things from the internet; these files or software get downloaded along with them and start collecting and sending the user’s data without their knowledge. The most dangerous type of malware is ransomware: it effectively locks the user out of their own device, takes over all the files and demands a ransom for returning them to the user.
    • Distributed Denial of Service (DDoS) attacks: This is the type of attack in which a number of compromised systems, infected by a bot or a trojan, are used to target a single system or server, which makes the entire website shut down, causing a denial of service. This disrupts the business and other important workings of the site because, for as long as the attack lasts, no one can access the site.
    • Online Credit Card Thefts: Online theft of credit card credentials and online money transaction fraud at point-of-sale portals are very common nowadays, and such attacks are rising in frequency day by day. Fake billing and shipping addresses and bulk orders are some of the things to be wary of.
    • Ruining of reputation: Recently many attempts have been made to ruin the reputation of individuals and business firms. Cyber attackers hack websites and social media accounts and post unauthorised, disreputable and objectionable material in the name of the firm or the individuals. At times these attacks can lead to serious devastation of reputation.

    Some effective measures that can be taken against such attacks are:

    • Constant monitoring of all accounts and online business portals, and changing passwords at regular intervals.
    • Updating every system according to the latest requirements, and installing new security measures as and when required.
    • Constant backup of the data and installing antivirus software. Using protected servers from trusted ISPs.

    Thus, in today’s world of ever-evolving technology and the risks relating to it, there is a need for better preventive measures. In the wake of recent cyber attacks, it becomes clear that no one is immune to cyber attacks and that a new set of effective security principles is needed.