Connect with us

Cyber Security

Infosec and Data Protection Research Provides New COVID, Cloud, and…

Avatar

Published

on

News Image

Research from Infrascale, a cloud-based data protection company that provides industry-leading cloud backup and disaster recovery solutions, reveals new information security (infosec) insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance. As 65% of those surveyed have seen an increase in information security breaches in their industry since the pandemic began, it’s not surprising that even more, 74% of all respondents, have chosen caution and implemented new infosec technology. A robust segment of leaders, across different industries, specifically turn to Managed Service Providers (MSPs) for help.

From the survey of more than 1,200 business leaders, Infrascale has revealed that education (44%), healthcare (51%), and manufacturing (53%) executives all cited a need for increased security as their top reason for selecting an MSP. Security is not the only top driver. Finance leaders chose reduced costs (57%) as their top reason, noting that an MSP is less expensive than hiring talent internally. For e-commerce retailers, increased security (46%) and reduced costs (46%) tied for the top spot.

“It’s never been more critical to have an encrypted backup and disaster recovery solution to ensure your business is always up and running. The increased threats to companies and MSPs have never been this severe, and it’s going to continue to get worse,” said Infrascale CEO Russell P. Reeder. “In this ever more challenging landscape, data protection and data recovery are top priorities for MSPs serving clients, especially as attack surfaces expand and attack vectors get more sophisticated,” he continued.

The survey further revealed which MSP services are most prominent for each industry. Finance (53%), education (51%), and healthcare (53%) executives all noted that the top service they leverage most with their MSPs is data protection, while manufacturing executives specified a subset of that category, cybersecurity services (58%) — focusing on computer network environments as their top MSP service. Executives across all these industries also named backup and recovery solutions (43%), cloud services (45%), and data analytics (48%) as key MSP services they use.

COVID-19 Prompts Industry-Specific Security Actions

Ramping up remote access work environments during COVID-19 has created a deluge of security risks and expanded attack surfaces that businesses are still in the process of addressing. It’s a common prediction that hybrid remote work trends will figure into the new-and-next normal this decade. As MSPs prepare for more flexible customer work environments, it’s helpful for them to understand what leaders in different industries have ascribed to COVID-19.

First, in broad terms, 81% of financial industry executives have implemented new information security technology due to COVID-19, with education second at 70%, and healthcare third at 67%. It’s noteworthy that 75% of financial industry respondents also have seen an increase in infosec breaches in their industry during COVID-19, the most among all industries surveyed.

Executives have named different kinds of infosec technologies they’ve leveraged during COVID-19, as well. According to survey respondents from the respective industries:

  • Cloud backup wins top technology for the financial (53%) and education (54%) industries
  • Encryption solutions earns the top spot for the healthcare industry (52%)
  • Antivirus/malware was the top technology implemented by the manufacturing industry (64%)

With so much new adoption of infosec technology in these industries, MSPs will be able to offer competitive security improvements and reviews of security controls throughout 2021.

High Demand for Cloud Signals the Need for Security and Ease

The vast majority of business executives, 95%, say they’ve moved some (64%) or all (31%) of their data to the cloud; their main reason, collectively, for doing so is improved security (68%), followed by ease of management (66%). When broken down by industry, finance leaders affirm security (71%) as their top reason for pursuing cloud-based solutions, while education (72%), healthcare (70%), and manufacturing (69%) industry leaders report ease of management as their top reason.

Reeder provided further insights: “While the survey data shows that more small and mid-market businesses have moved workloads to the cloud than one might think, there are still many workloads that are maintained on-premises and in private colocation data centers. Our conversations with our partners and their customers show that on-premises workloads will be here for a while. MSPs need to bolster their cloud migration and cloud security capabilities — especially for finance, education, healthcare, and manufacturing — so as to be prepared for the ultimate need of digital transformation and successful cutovers to the cloud.”

The survey showed executives are ready to embrace MSPs that are up to speed in the cloud — with 91% either extremely (61%) or very likely (30%) to work with an MSP that provides cloud-based solutions. By industry, the combined “extremely” or “very likely” enthusiasm for MSPs with cloud-based solutions was equally compelling:

  • Finance (94%)
  • Education (89%)
  • Manufacturing (87%)
  • Healthcare (83%)

MSP Infosec Strategy Must Target Compliance

Executive concern with regulatory compliance and industry standards is top of mind, according to the survey. While that’s to be expected, growing pressure on the new U.S. administration and Congress to pass comprehensive federal data protection legislation will keep compliance front and center in 2021 and beyond. Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed GDPR’s framework. It’s vital for MSPs to be prepared for seismic shifts in the regulatory landscape in order to help their customers adapt quickly to any new industry requirements.

Right now, 88% of business executives surveyed said their company requires compliance with industry standards. The most common, applicable compliance regime overall is ISO 27001, noted by 37% of respondents. By industry, ISO 27001 is the number one standard of concern cited by executives in finance (38%) and manufacturing (49%). That international standard requires businesses to establish, implement, maintain, and continually improve upon controls that keep data secure.

HIPAA, the U.S. law which protects sensitive patient health data, is the top concern for education (32%) and healthcare (52%) executives. HIPAA is the number two concern for manufacturers and the number three concern for finance leaders. FERPA, which protects the privacy of student education records, was deemed number two for educators and number three for manufacturers. The latter regularly work with universities and state and local governments to offer educational programs for their workforces.

Methodology

The Infrascale SMB survey was conducted in November 2020. More than 1,200 business executives at SMBs or mid-market companies responded. All respondents are either currently working with or have previously worked with an MSP. Respondents work in a range of industries, including healthcare, education, accounting/financial/banking/insurance, manufacturing, and retail/e-commerce.

About Infrascale

Founded in 2011, Infrascale provides comprehensive, cloud-based data protection by delivering industry-leading backup and disaster recovery solutions. Combining intelligent software with the power of the cloud, Infrascale removes the barriers and complexity of secure, offsite data storage and standby infrastructure for real-time disaster recovery. Trusted and recommended by leading independent industry experts, Infrascale equips its customers with the confidence to handle the unexpected by providing greater availability, better security, and less downtime when it comes to their data. Visit http://www.infrascale.com or follow us on Twitter at @Infrascale for more information.

Media Contact

Joe Casados

joe@bospar.com
925-989-9813

Source: https://www.prweb.com/releases/infosec_and_data_protection_research_provides_new_covid_cloud_and_compliance_insights_for_msps_as_2021_opens/prweb17672084.htm

Cyber Security

What is Cyber Threat Intelligence?

Avatar

Published

on

Author profile picture

@abeshekAbeshek_AntWak

We bring out the hidden knowledge treasure inside seasoned professionals through byte sized content

Cyber threats aimed at business are identified by Threat Intelligence. IT specialists and complex tools can read and analyze the threats. This information is utilized to plan, forestall, and recognize cyber threats hoping to exploit important organization’s assets. Threat Intelligence collects and compiles the raw data about the threats emerging from different sources.

People often get confused with Cyber Security terms such as Threat Intelligence and Threat Data. Threat data is a list of likely threats. For instance, Facebook feeds are like a running list of possible issues. It is Threat Intelligence when IT specialists and exclusive complex tools can read and analyze the threats/attacks. 

Why is threat intelligence important for businesses?

Threat Intelligence is a vital part of any cybersecurity. A cyber threat intelligence program sometimes called CTI, can: 

1. Prevent data loss 

With a very much organized CTI program set up, your organization can spot cyber threats and keep data breaches from leaking critical information. 

2. Give guidance on security measures 

By distinguishing and dissecting threats, CTI spots designs utilized by hackers. CTI assists organizations with setting up security standards to protect against future cyber assaults and threats.

3. Educate others 

Hackers are smarter than before. To keep up, cybersecurity specialists share the strategies they’ve seen with the IT people group to make a  communal database to battle cybercrimes and cybersecurity threats.

4. Kinds of Threat Intelligence 

The four kinds of threat intelligence are strategic, tactical, technical, and operational.

5. Strategic cyber threat intelligence

Strategic cyber threat intelligence is generally dedicated to a non-technical audience. It utilizes nitty-gritty analyses of patterns and arising threats to make an overall image of the potential results of a cyberattack. A few examples are whitepapers, policy documents, and in-house publications.

Tactical threat intelligence gives more details on the threat actors’ tactics, techniques, and procedures, known as TTP. It is especially intended for a technical audience and encourages them to see how their organization may be assaulted based on the most recent techniques attackers use to achieve their goals. They search for Indicators of Compromise (IOCs) proof like IP locations, URLs, and systems logs to use to help identify future data breaches. Strategic, proof-based threat intelligence is typically dedicated to security groups or people engaged in network security services.

Technical threat intelligence centers around the technical hints of cybersecurity threats similar to the titles to phishing messages or false URLs. This kind of threat intelligence is significant as it gives individuals a clue of what to search for, which as a result is helpful for social engineering attacks. Nonetheless, since hackers switch up their strategies, methods, and systems often, technical threat intelligence has a short life of realistic usability. 

Operational threat intelligence relates to threats uncovered before they happen. Threat intelligence is more of spy stuff like getting into hacker chat rooms. Operational threat provides information much before the threat or attack occurs. 

All things considered, all aspects of cyber threat knowledge are vital for an extensive threat review and assessment. Cyber threat knowledge can help associations obtain important information about these threats, build successful defense equipment and relieve the threats that could harm their reputation.

Author profile picture

Read my stories

We bring out the hidden knowledge treasure inside seasoned professionals through byte sized content

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Source: https://hackernoon.com/what-is-cyber-threat-intelligence-4t1235wn?source=rss

Continue Reading

Big Data

Smart payment solutions make their way in Mexico

Avatar

Published

on

Smart payment solutions make their way in Mexico

Paymentology and partner Intercash are launching tailor-made card issuing solutions for the digitally savvy in Mexico.

The market opportunity for FinTech in Latin America is growing year on year. The region has been able to adapt quickly to emerging technologies as payment security and financial inclusion is low. Banks are looking at newer technologies to help bridge this gap.

Mexico is in a great position as it has the highest rate of smartphone penetration in Latin America and over 45% of transactions are done by card. The country represents an exciting opportunity for FinTechs looking to offer smart payment solutions with easy-to-use functionality.

Following recent recognition by Latin America’s financial-transaction-network, PROSA, Intercash, a global payments solutions provider, and Paymentology, a leading issuer payments processor, today announced the launch of innovative card issuing solutions in Mexico to serve the growing volume of card transactions.

The partnership will see Intercash’s customers benefit from the ability to launch innovative payment solutions almost instantly with unrivalled access to data. Furthermore, this access to data at point-of-sale will empower Intercash’s customers to offer innovative real-time payment options that are personalised and meet the demands of today’s digital savvy consumer.

Using Paymentology’s cloud-native platform and PayRule.AI engine, customers will be empowered to shape consumers’ behaviour and preferences, key in today’s customer-first world. It is powered by augmented intelligence functionality which advances the authorisation process of consumer spends on credit and debit cards. Intercash’s customers will gain access to consumer spend data including transaction history retrieval, as well as a granular card scheme fee breakdown. The engine goes as far as retrieving and analysing mid-flight full card history for the approval or decline of transactions.

Shane O’Hara, CEO of Paymentology said, “We are excited to be collaborating with Intercash to help bring the latest customer-first payment solutions to Mexico, allowing millions of people the opportunity to make convenient, fast and secure payment transactions.”

Aaron Gladman, CEO of Intercash’s Card Division added, “Banks and government institutions are now looking to technology for finance and security solutions. We are delighted to be partnering with Paymentology for our initiative in launching turn-key card issuing and card management solutions into the Mexican market.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Source: https://www.fintechnews.org/smart-payment-solutions-make-their-way-in-mexico/

Continue Reading

AI

Convergence of AI, 5G and Augmented Reality Poses New Security Risks 

Avatar

Published

on

By John P. Desmond, AI Trends Editor  

Some 500 C-level business and security experts from companies with over $5 billion in revenue in multiple industries expressed concern in a recent survey from Accenture about the potential security vulnerabilities posed by the pursuit of AI, 5G and augmented reality technologies all at the same time.  

Claudio Ordóñez, Cybersecurity Leader for Accenture in Chile

To properly train AI models, for example, the company needs to protect the data needed to train the AI and the environment where it is created. When the model is being used, the data in motion needs to be protected. Data cannot be collected in one place, either for technical or security reasons, or for the protection of intellectual property. “Therefore, it forces companies to insert safe learning so that the different parties can collaborate,” stated Claudio Ordóñez, Cybersecurity Leader for Accenture in Chile, in a recent account in Market Research Biz.  

Companies need to extend secure software development practices, known as DevSecOps, to protect AI though the life cycle. “Unfortunately, there is no silver bullet to defend against AI manipulations, so it will be necessary to use layered capabilities to reduce risk in business processes powered by artificial intelligence,” he stated. Measures include common security functions and controls such as input data sanitization, hardening of the application and setting up security analysis. In addition, steps must be taken to snake data integrity, accuracy control, tamper detection, and early response capabilities.    

Risk of Model Extraction and Attacks on Privacy  

Machine learning models have demonstrated some unique security and privacy issues. “If a model is exposed to external data providers, you may be at risk of model extraction,” Ordóñez warned. In that case, the hacker may be able to reverse engineer the model and generate a surrogate model that reproduces the function of the original model, but with altered results. “This has obvious implications for the confidentiality of intellectual property,” he stated.  

To guard against model extraction and attacks on privacy, controls are needed. Some are easy to apply, such as rate limitations, but some models may require more sophisticated security, such as abnormal usage analysis. If the AI model is being delivered as a service, companies need to consider safety controls in place in the cloud service environment. “Open source or externally generated data and models provide attack vectors for organizations,” Ordóñez stated, because attackers may be able to insert manipulated data and bypass internal security.   

Asked how their organizations are planning to create the technical knowledge needed to support emerging technologies, most respondents to the Accenture survey said they would train existing employees (77%), would collaborate or partner with organizations that have the experience (73%), hire new talent (73%), and acquire new businesses or startups (49%).  

The time it takes to train professionals in these skills is being underestimated, in the view of Ordóñez. In addition, “Respondents assume that there will be vast talent available to hire from AI, 5G, quantum computing, and extended reality, but the reality is that there is and will be a shortage of these skills in the marketplace,” he stated. “Compounding the problem, finding security talent with these emerging tech skills will be even more difficult,” he stated.  

Features of 5G technology raise new security issues, including virtualization that expands the attack surface and “hyper-accurate” tracking of attack locations, increasing privacy concerns for users. “Like the growth of cloud services, 5G has the potential to create shadow networks that operate outside the knowledge and management of the company,” Ordóñez stated.  

Device registration must include authentication to handle the enterprise attack surface. Without it, the integrity of the messages and the identity of the user cannot be assured,” he stated. Companies will need the commitment of the chief information security officer (CISO) to be effective. “Success requires significant CISO commitment and expertise in cyber risk management from the outset and throughout the day-to-day of innovation, including having the right mindset, behaviors and culture to make it happen.”  

Augmented reality also introduces a range of new security risks, with issues of security around location, trust recognition, the content of images and surrounding sound, and “content masking.” In regard to this, “The command “open this valve” can be directed to the wrong object and generate a catastrophic activation,” Ordóñez suggested.  

Techniques to Guard Data Privacy in 5G Era 

Jiani Zhang, President, Alliance and Industrial Solution Unit, Persistent Systems

Data privacy is one of the most important issues of the decade, as AI expands and more regulatory frameworks are being put in place at the same time. Several data management techniques can help organizations stay in compliance and be secure, suggested Jiani Zhang, President of the Alliance and Industrial Solution Unit at Persistent Systems, where she works closely with IBM and Red Hat to develop solutions for clients, as reported recently in The Enterprisers Project. 

Federated Learning. In a field with sensitive user data such as healthcare, the traditional wisdom of the last decade was to ‘unsilo” data whenever possible. However, the aggregation of data necessary to train and deploy machine learning algorithms has created “serious privacy and security problems,” especially when data is being shared within organizations. 

In a federated learning model, data stays secure in its environment. Local ML models are trained on private data sets, and model updates flow between the data sets to be aggregated centrally. “The data never has to leave its local environment,” stated Zhang.   

“In this way, the data remains secure while still giving organizations the ‘wisdom of the crowd,’” she stated. “Federated learning reduces the risk of a single attack or leak compromising the privacy of all the data because instead of sitting in a single repository, the data is spread out among many.”  

Explainable AI (XAI). Many AI/ML models, neural networks in particular, are black boxes whose inputs and operations are not visible to interested parties. A new area of research is explainability, which uses techniques to help bring transparency, such as decision trees representing a complex system, to make it more accountable.   

In sensitive fields such as healthcare, banking, financial services, and insurance, we can’t blindly trust AI decision-making,” Zhang stated. A consumer rejected for a bank loan, for example, has a right to know why. “XAI should be a major area of focus for organizations developing AI systems in the future,” she suggested. 

AI Ops/ML Ops. The idea is to accelerate the entire ML model lifecycle by standardizing operations, measuring performance, and automatically remediating issues. AIOps can be applied to the following three layers: 

  • Infrastructure: Automated tools allow organizations to scale their infrastructure and keep up with capacity demands. Zhang mentioned an emerging subset of DevOps called GitOps, which applies DevOps principles to cloud-based microservices running in containers.  
  • Application Performance Management (APM): Organizations are applying APM to manage downtime and maximize performance. APM solutions incorporate an AIOps approach, using AI and ML to proactively identify issues rather than take a reactive approach.  
  • IT service management (ITSM): IT services span hardware, software and computing resources in massive systems. ITSM applies AIOps to automate ticketing workflows, manage and analyze incidents, and authorize and monitor documentation among its responsibilities. 

Read the source articles in  Market Research Biz, in the related report from Accenture and in The Enterprisers Project. 

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Source: https://www.aitrends.com/ai-and-5g/convergence-of-ai-5g-and-augmented-reality-poses-new-security-risks/

Continue Reading

Big Data

Trussle works with HooYu to make the onboarding process easier for its customers

Avatar

Published

on

Trussle works with HooYu to make the onboarding process easier for its customers

KYC and customer onboarding provider, HooYu, announced today that it is working with UK fintech and online mortgage broker, Trussle, to deliver a frictionless onboarding journey for its customers.

Committed to its vision of streamlining more of the mortgage process to provide a more convenient home financing journey for customers, Trussle chose to work with HooYu so they could implement the KYC provider’s configurable digital journey. Trussle customers are now guided through KYC, customised in Trussle branding and HooYu performs real-time validation of proof of identity documents.

The journey also asks customers to provide a selfie and delivers facial biometric comparison with their ID document. Customers can also be prompted to provide proof of address documentation from HooYu for proofing and recency checks so they can move on with their mortgage application at speed.

Founded in 2015 to create a free digital advice platform for first time buyers and homeowners alike, Trussle has supported thousands of customers with their home financing needs. Trussle combines smart technology and human expertise to make faster and more informed mortgage decisions, delivering a better experience and greater certainty for its customers.

Stephanie Marrs, VP Risk and Compliance at Trussle, commented: “Buying a home can be one of the most stressful experiences a person will go through in their lifetime. We’re passionate about improving the process that our customers experience when securing a mortgage. We’re working with HooYu to help make the onboarding journey smoother and to manage fraud risks earlier on in the customer journey.  This is another step in our commitment to providing a better mortgage experience for our customers.”

David Pope, HooYu Marketing Director, added: “At HooYu we’re dedicated to creating frictionless customer onboarding journeys with KYC processes that are configured for each customer. The integration of HooYu in the Trussle journey gives customers an even smoother digital experience in the mortgage application process.”

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Source: https://www.fintechnews.org/trussle-works-with-hooyu-to-make-the-onboarding-process-easier-for-its-customers/

Continue Reading

Trending