The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Introduction:

In today’s digital age, businesses have witnessed a profound shift in how they operate. Software-as-a-Service (SaaS) solutions have become the backbone of many organizations, offering flexibility and scalability. While firewalls remain an essential part of cybersecurity, securing your digital assets in the SaaS realm is a multifaceted challenge. This article explores why investing in a firewall is only the beginning of your SaaS security journey and offers insights into a holistic approach to safeguarding your digital landscape.

The firewall’s vital role:

Firewalls are the sentinels of your network, guarding against unauthorized access, malware, and threats. They establish a secure perimeter around your organization, serving as the initial defense against external dangers.

Why firewalls alone fall short in the SaaS era:

Cloud migration:

SaaS applications thrive in the cloud, offering unprecedented advantages. This means your data and operations may no longer be confined to your corporate network, rendering traditional firewall-centric security less effective.

Proliferation of endpoints:

The traditional network perimeter has dissolved as employees utilize various devices and networks to access SaaS applications. This multitude of endpoints makes relying solely on firewalls inadequate.

Data’s complex journey:

SaaS applications handle vast amounts of sensitive data, often stored in remote data centers. Protecting data at rest and in transit within these centers requires specialized measures beyond the firewall’s scope.

Strategies to enhance SaaS security:

Access control and identity management:

Implement robust access control and identity management solutions. Ensure only authorized users can access your SaaS applications, incorporating multi-factor authentication (MFA) for an added layer of security.

Data encryption:

Employ data encryption for both data in transit and at rest. Most SaaS providers offer encryption features, but it’s essential to understand their encryption protocols and their alignment with your security needs.

Regular audits and compliance:

Conduct regular audits of your SaaS applications and providers to ensure compliance with industry standards and data protection regulations, such as GDPR or HIPAA. Verify that your vendors adhere to robust security practices.

Security Information and Event Management (SIEM):

Implement SIEM solutions for real-time visibility into your SaaS applications. These tools centralize security monitoring and facilitate incident response by detecting anomalies and potential breaches.

Data Loss Prevention (DLP):

Deploy DLP solutions to prevent data leaks and unauthorized sharing of sensitive information within your SaaS applications. These tools scan and classify data, enforcing policies to protect critical assets.

Security awareness training:

Invest in continuous security awareness training for your employees. Educated users are your first line of defense against phishing attacks and social engineering threats.

Collaboration with vendors and partners:

Vendor security assessments:

Collaborate closely with your SaaS providers to conduct thorough security assessments. Seek transparency concerning their security practices, incident response plans, and data protection measures.

Security Service Level Agreements (SLAs):

Negotiate and establish security SLAs with your SaaS vendors. Define expectations for security incident response times, data backup, and disaster recovery.

Regular updates and patch management:

Stay informed about security updates and patches for your SaaS applications. Ensure that your vendors promptly address security vulnerabilities.

Conclusion: Strengthening your SaaS security posture:

While a firewall remains a fundamental component of your cybersecurity strategy, it’s essential to recognize that safeguarding your organization’s digital assets in the SaaS world requires a multifaceted approach. Embrace a combination of access control, encryption, monitoring, and ongoing collaboration with SaaS vendors to build a robust SaaS security posture.

As the SaaS landscape continues to evolve, so too must your security strategy to adapt and mitigate emerging threats effectively. In the ever-changing world of cybersecurity, staying vigilant and proactive is your best defense.

The post Beyond the firewall: Navigating SaaS security challenges appeared first on Cybersecurity Insiders.


Environmental sustainability is more important than ever before for organizations across all sectors. Sustainability concerns, including geopolitics, future-focused developments, advanced ESG reporting, and building sustainability into supply chains, are all significant trends shaping businesses in 2023 and beyond. 

While the shift towards environmental sustainability is a worthy pursuit no matter the industry, the trend towards adopting new technologies that provide more sustainability and eco-friendliness can have some unintended consequences on the realm of cybersecurity. 

Today we can see many hybrid endeavors that combine both cutting-edge technology and green, eco-friendly initiatives to create long-term ecologically sustainable solutions for businesses in all fields. But since these collaborations tend to rely on new technology, they may not include the kind of advanced-level cybersecurity protocols needed to secure them against cyberattacks, with an unintended consequence: an increase in cyber vulnerabilities. 

In this article, we will take an in-depth look at the enhanced cybersecurity risks presented by certain sustainability and tech initiatives. Then we will explore best practices intended to keep businesses cyber secure as they transition to new, more environmentally friendly modes of operation and production. 

1. The unexpected cybersecurity risks of going green

While new green technology rollouts provide highly visible, obvious benefits, contributing to the important global cause of sustainability, the cybersecurity underpinnings that run in the background are easy to ignore but no less significant. There is a subtle interdependence between new green tech and expanded cybersecurity risks.

2. New developments in green technology

New developments in green technology are vast and wide-ranging, offering revolutionary potential to cut down on harmful greenhouse gas emissions. By some estimates, Green IT can contribute to reducing greenhouse gas emissions by ten times more than it emits. Green coding focuses on creating more energy-efficient ways of using computational power, which can be applied to everything from virtual reality gaming devices in development to cloud computing. 

Sustainable data collection centers aim to reduce carbon and greenhouse gas emissions by finding alternative methods of collecting data that require less energy. 

Smart city technology, such as IoT-enabled power grids, smart parking meters, and smart traffic controls, can utilize predictive capabilities to ensure that urban infrastructures are running at optimal energy levels, reducing resource and energy waste and improving city living experiences. Similarly, smart HVAC systems can respond to global climate change issues by managing the internal temperature of buildings using smart regulators that reduce energy waste and carbon emissions, while still heating or cooling buildings. 

All of these innovations are building towards a more sustainable future by reducing our need for harmful fossil fuel consumption, managing power usage across the energy grid, and creating more sustainable alternatives to existing technologies for transportation, waste management, entertainment, and more. But each of these new technologies also presents a broader risk level that could threaten the foundations of urban cores. 

3. New green tech risks

One of the main risks introduced by all of this new sustainable technology is the expanded attack surface. Sustainable smart city adjustments, for example, operate within broad networks of interconnected devices. Each individual device can communicate and receive data from other devices, but individual devices are often poorly protected. 

So bad actors may be able to access sensitive data or broader urban infrastructure network systems by infiltrating one poorly protected device. IoT networks rely on a combination of hardware, software, third-party developments, and urban networks to run smoothly, a complex combination that is hard to regulate, protect, and control. This is especially true as older, poorly protected gadgets communicate with the latest high-tech citywide smart systems, creating inherent weak spots that can be easily exploited by bad actors.  

In the energy field, meanwhile, interconnected power systems using new sources of power, such as wind, solar, and energy efficient battery power, run through software-optimized systems that provide an efficient mode of distributing energy and conducting system-wide changes. But in the wrong hands, this consolidated ease of access could lead to widespread damages, with the centralized sustainable power controls becoming weapons of manipulation and chaos. 

Social engineering attacks can also have serious effects on complex interdependent urban systems, as phishing attacks can provide access to restricted systems, networks, or other sensitive data. Successful social engineering attacks provide opportunities for exploitation and manipulation of citywide systems through the installation of malware, spyware, and ransomware. Humans are susceptible to simple errors, and a convincing phishing attack can lead to immediate consequences, such as cutting off access to power throughout the region, rerouting transportation lines or traffic lights, disabling smart security systems, or other actions that can have broad damaging effects across a huge area. 

4. Green cyber-attacks

According to Reuters, E.ON, Europe’s largest energy grid operating company, has observed a significant spike in cyber-attacks in recent years, as has Norwegian clean energy company Hydro. Because the clean energy world is more decentralized, it presents more opportunity for cyber attackers to target small energy or communications hubs.

In Ukraine, for example, Russian operatives carried out cyberattacks on the Ukrainian satellite communication network, resulting in the remote shutdown of security monitors at German wind energy company Enercon. The attack shut down over 5,800 wind turbines at the German company, revealing high-stakes vulnerabilities intrinsic to new green technologies. 

5. Best practices to remain cyber-secure as you go green

Becoming aware of the enhanced risk potential of green technology is key to developing appropriate security measures that can mitigate risks and protect sensitive networks and data. Companies can provide the necessary security by deploying advanced-level security measures, monitoring risk factors, and enabling comprehensive threat response and prevention plans to proactively deal with the impact of impending cyberattacks, and to prevent widespread damages. 

6. Deploy high tech security solutions

One of the key features of every new technology should be creating a resilient infrastructure through a combined protective plan that includes threat detection, incident response protocols, and proactive data protection. For new green tech developments, organizations will need to provide comprehensive security that can block against phishing, unauthorized network access, ransomware, spyware, malware, denial-of-service attacks, and a host of other cyberattack methodologies. 

Implementing zero-trust security policies is a good strategy for preventing unauthorized log-ins across the board, and this security method can be applied to all devices and networks within an interconnected system. Zero-trust security is more secure than multi-factor authentication since it assumes that every log-in attempt is unauthorized until proven otherwise. This makes it an effective strategy for external attack surface management, that is, the mitigation of risks and vulnerabilities associated with an organization’s external-facing assets, such as its network infrastructure or website. 

In addition, AI and machine learning-enabled security systems, such as cloud-based SIEM systems, draw from a comprehensive knowledge base of collaborative input to provide enhanced cybersecurity coverage across devices and network systems. Cloud-based SIEM systems continuously monitor user behavior, seeking out any unusual, potentially suspicious activity, and can therefore detect anomalous behaviors that might slip through the notice of other security protections. 

7. Follow national security regulations

Compliance with national cybersecurity standards and rules is another significant step towards ensuring that new green technology has sufficient base-level protective measures in place. In order to remain compliant with national security regulations, organizations have to assess their own security gaps and vulnerabilities, providing security patches and proof of regular security updates. 

Additional regulatory compliance requirements include encryption of sensitive data, which can prevent unwanted access to that data, and comprehensive cybersecurity incident response plans, which are necessary for mitigating the damages of any successful cyber-attacks. General employee and staff cybersecurity training also keeps organizations compliant with government regulations, and ensures that employees are aware of the risks and signs of phishing and social engineering cyber-attack attempts. 

8. Continuously monitor the dark web

Using dark web monitoring tools on a continuous basis can be a powerful strategy for identifying likely threats, bad actors, and hacking plots. In terms of cybersecurity management and upkeep, monitoring the dark web provides insight into whether or not an organization has already, unknowingly, been the victim of a cyberattack in which its sensitive data is being leaked on the dark web. 

When sensitive information such as employee addresses or client financial details is floating around on the dark web, it is clear that the organization has suffered a serious security breach. So consistent monitoring can go a long way towards mitigating the damages of successful cyberattacks. 

9. Final thoughts

Climate resilience and cyber resilience need to be inextricably linked going forward if we are to create a truly sustainable, interconnected world. Sustainability initiatives that utilize the latest and greatest in new technology need to include abundant provisions for cybersecurity, regarding cybersecurity with equal significance as the environmental impact of the technology itself. 

Measures like managing external attack surfaces, ensuring that devices and systems are compliant with national security regulations, enacting high-tech cybersecurity protective measures, and consistently monitoring the dark web can help reduce the impact and risk of cyberattacks on all sustainable tech devices and systems. With ample protections in place, developers can continue to roll out new green technologies that will provide radical solutions for making a more sustainable world.

The post Eco-hacks: The intersection of sustainability and cyber threats appeared first on Cybersecurity Insiders.

Earlier this year, analysts in the AT&T Cybersecurity Managed Threat Detection and Response (MTDR) security operations center (SOC) were alerted to a potential ransomware attack on a large municipal customer. The attack, which was subsequently found to have been carried out by members of the Royal ransomware group, affected several departments and temporarily disrupted critical communications and IT systems.

During the incident, AT&T analysts served as critical first responders, promptly investigating alarms in the USM Anywhere platform and quickly communicating the issue to the customer. They also provided extensive after-hours support at the height of the attack—as the customer shared updates on impacted servers and services, the analysts gave guidance on containment and remediation. They shared all observed indicators of compromise (IOCs) with the customer, some of which included IP addresses and domains that could be blocked quickly by the AT&T Managed Firewall team because the customer was also using AT&T’s managed firewall services.

Just 24 hours after initial communications, analysts had compiled and delivered to the customer a detailed report on the incident findings. The report included recommendations on how to help protect against future ransomware attacks as well as suggested remediation actions the customer should take in the event that legal, compliance, or deeper post-incident forensic review is needed.

Read our case study to learn more about how our analysts helped the customer accelerate their time to respond and contain the damage from the attack, and learn how the AT&T Alien Labs threat intelligence team has used the findings from this incident to help secure all AT&T Cybersecurity managed detection and response customers!

The post AT&T Cybersecurity serves as critical first responder during attack on municipality appeared first on Cybersecurity Insiders.

We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Manufacturing. The report examines the edge ecosystem, surveying manufacturing IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on manufacturing report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report).


The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Of the respondents, 202 were manufacturing-specific.

At the onset of our research, we set out to examine the following.

  • The momentum edge computing has in the market.
  • Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors in achieving edge goals.
  • The perceived risk and perceived benefit of the common use cases in each industry surveyed.

The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED – and deliver actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, the report examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

The role of IT is shifting, embracing stakeholders at the ideation phase of development

Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the manufacturing industry.

In this paradigm, the role of IT has shifted from being the task master to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that manufacturing leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem.

One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures.

Edge computing brings the data closer to where decisions are made

With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distribution means things work faster, because nothing is backhauled to a central processing area such as a data center, and this is what delivers the near-real-time experience.

With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares emerging trends as manufacturing continues exploring edge computing use cases. One area that’s examined is expense allocation, and what we found may surprise you. The research reveals the allocation of investments across overall strategy and planning, network, application, and security for the anticipated use cases that organizations plan to implement within the next three years.

Preparing to secure your manufacturing edge ecosystem

Develop your edge computing profile. It is essential to break down the barriers that typically separate the internal line of business teams, application development teams, network teams, and security teams. Technology decisions should not be made in isolation but rather through collaboration with line of business partners. Understanding the capabilities and limitations of existing business and technology partners makes it easier to identify gaps in evolving project plans.

The edge ecosystem is expanding, and expertise is available to offer solutions that address cost, implementation, mitigating risks, and more. Including expertise from the broader manufacturing edge ecosystem increases the chances of outstanding performance and alignment with organizational goals.

Develop an investment strategy. During manufacturing edge use case development, organizations should carefully determine where and how much to invest. Think of it as part of monetizing the use case. Building security into the use case from the start allows the organization to consider security as part of the overall cost of goods (COG). It’s important to note that no one-size-fits-all solution can provide complete protection for all aspects of edge computing. Instead, organizations should consider a comprehensive and multi-layered approach to address the unique security challenges of each use case.

Increase your compliance capabilities. Regulations in manufacturing can vary significantly. This underscores the importance of not relying solely on a checkbox approach or on annual reviews to help ensure compliance with the growing number of regulations. Keeping up with technology-related mandates and helping to ensure compliance requires ongoing effort and expertise. If navigating compliance requirements is not within your organization’s expertise, seek outside help from professionals specializing in this area.

Align resources with emerging priorities. External collaboration allows organizations to utilize expertise and reduce resource costs. It goes beyond relying solely on internal teams within the organization. It involves tapping into the expanding ecosystem of edge computing experts who offer strategic and practical guidance. Engaging external subject matter experts (SMEs) to enhance decision-making can help prevent costly mistakes and accelerate deployment. These external experts can help optimize use case implementation, ultimately saving time and resources.

Build in resilience. Consider approaching edge computing with a layered mindset. Take the time to ideate on various “what-if” scenarios and anticipate potential challenges. For example, what measures exist if a private 5G network experiences an outage? Can data remain secure when utilizing a public 4G network? How can business-as-usual operations continue in the event of a ransomware attack?

Successful edge computing implementations in the manufacturing industry require a holistic approach encompassing collaboration, compliance, resilience, and adaptability. By considering these factors and proactively engaging with the expertise available, manufacturing will continue to unlock the potential of edge computing to deliver improved operational efficiency, allowing the industry to focus on innovation rather than operations.

[Infographic: CSI for manufacturing]

The post Get the AT&T Cybersecurity Insights Report: Focus on Manufacturing appeared first on Cybersecurity Insiders.


In today’s interconnected digital landscape, where data flows like a river through intricate networks, the importance of cybersecurity has never been more pronounced.

As our reliance on digital networks grows, so do the threats that seek to exploit vulnerabilities in these very networks. This is where the concept of resilient networks steps in, acting as the guardians of our digital realms. In this article, we delve into the world of resilient networks, exploring their significance as the cornerstone of modern cybersecurity architecture.

Understanding resilient networks

Imagine a web of interconnected roads, each leading to a different destination. In the realm of cybersecurity, these roads are the networks that enable communication, data exchange, and collaboration. Resilient networks are like well-constructed highways with multiple lanes, built to withstand unexpected disruptions.

They aren’t just about preventing breaches; they’re about enabling the network to adapt, recover, and continue functioning even in the face of a successful attack. Network resilience stands as a critical component of modern cybersecurity, complementing traditional security measures such as proxy servers by focusing on the ability to endure and recover.

Network security

It’s essential to distinguish between network security and network resilience.

Network security involves fortifying the network against threats, employing firewalls, antivirus software, and encryption methods.

On the other hand, network resilience goes beyond this, acknowledging that breaches might still occur despite stringent security measures.

Resilience

Resilience entails the ability to detect, contain, and recover from these breaches while minimizing damage. It’s like preparing for a storm by not only building strong walls but also having an emergency plan in case the walls are breached.

Resilient networks aim to reduce downtime, data loss, and financial impact, making them a critical investment for organizations of all sizes.

Key components of resilient networks

Consider your home’s architecture. You have multiple exits, fire alarms, and safety measures in place to ensure your well-being in case of emergencies. Similarly, resilient networks are built with specific components that enable them to weather the storms of cyber threats.

Redundancy, diversity, segmentation and isolation, and adaptive monitoring and threat detection are the pillars of network resilience.

Redundancy

Redundancy involves creating backup systems or pathways. It’s like having alternate routes to reach your destination in case one road is blocked. In the digital realm, redundant systems ensure that if one part of the network fails, traffic is seamlessly rerouted, minimizing disruptions.

Diversity

Diversity, on the other hand, means not putting all your eggs in one basket. A diverse network employs various hardware, software, and protocols, reducing the risk of a single point of failure. Think of it as a portfolio of investments – if one fails, the others remain intact.

Segmentation and isolation

Segmentation and isolation play a crucial role in containing potential threats. Imagine a building with multiple compartments, each serving a different purpose. If a fire breaks out in one compartment, it’s isolated, preventing the entire building from burning down.

Similarly, network segmentation involves dividing the network into smaller segments, each with its own access controls. If one segment is compromised, the damage is contained, preventing lateral movement by attackers. Isolation takes this a step further, separating critical assets from the main network. It’s like storing your most valuable possessions in a secure vault.

Adaptive monitoring and threat detection

Adaptive monitoring and threat detection are the vigilant guards of a resilient network. Picture a sentry who not only stands watch but also learns to identify potential threats based on patterns. Adaptive monitoring involves employing sophisticated tools that learn normal network behavior and raise alerts when anomalies are detected.

Threat detection utilizes advanced algorithms and AI to spot suspicious activities, even those that might evade traditional security measures. These components work hand in hand to identify and mitigate threats in real time, enhancing the overall resilience of the network.
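As an added illustration of the baseline-then-alert idea described above (example code written for this edit, not part of the original article), the following Python learns per-host, per-port traffic baselines from constructed connection-log lines and raises alerts on deviations. The log format, host names, ports and thresholds are all assumptions chosen for the example.

```python
"""Baseline-and-alert anomaly detector over constructed connection-log lines.

Constructed example, not code from the original article. The log format
("timestamp host dst_port bytes_out"), the hosts and the z-score threshold are
assumptions; a real deployment learns baselines from days of traffic and tunes
thresholds per network segment.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "normal" traffic used to learn the baseline.
TRAINING_LOG = """\
2024-01-01T09:00 ws-17 443 1200
2024-01-01T09:05 ws-17 443 1350
2024-01-01T09:10 ws-17 53 90
2024-01-01T09:15 ws-17 443 1100
2024-01-01T09:20 ws-17 443 1280
2024-01-01T09:25 ws-17 53 85
2024-01-01T09:30 ws-17 443 1190
2024-01-01T09:35 ws-17 443 1310
""".splitlines()

# Constructed "live" traffic: one unseen destination port and one oversized transfer.
LIVE_LOG = """\
2024-01-02T09:00 ws-17 443 1250
2024-01-02T09:03 ws-17 445 900
2024-01-02T09:07 ws-17 443 98000
2024-01-02T09:09 ws-17 53 88
""".splitlines()


def parse(line):
    """Split one constructed log line into (host, dst_port, bytes_out)."""
    _ts, host, port, nbytes = line.split()
    return host, int(port), int(nbytes)


def learn_baseline(lines):
    """Learn normal behaviour: for each host, the destination ports it talks to
    and the mean/standard deviation of bytes_out on each of those ports.
    Returns {host: {port: (mean, stdev)}}."""
    sizes = defaultdict(list)
    for line in lines:
        host, port, nbytes = parse(line)
        sizes[(host, port)].append(nbytes)
    baseline = defaultdict(dict)
    for (host, port), values in sizes.items():
        baseline[host][port] = (mean(values), pstdev(values))
    return dict(baseline)


def detect(baseline, lines, z_threshold=3.0):
    """Return (line, reason) alerts for live lines that deviate from the
    baseline: an unknown host, a destination port the host never used, or a
    bytes_out value more than z_threshold standard deviations above the mean
    seen for that host and port."""
    alerts = []
    for line in lines:
        host, port, nbytes = parse(line)
        ports = baseline.get(host)
        if ports is None:
            alerts.append((line, "unknown host"))
            continue
        if port not in ports:
            alerts.append((line, f"new destination port {port}"))
            continue
        avg, spread = ports[port]
        # Guard against a zero standard deviation when training data is constant.
        z = (nbytes - avg) / (spread or 1.0)
        if z > z_threshold:
            alerts.append((line, f"bytes_out z-score {z:.1f} on port {port}"))
    return alerts


if __name__ == "__main__":
    for line, reason in detect(learn_baseline(TRAINING_LOG), LIVE_LOG):
        print(f"ALERT {reason}: {line}")
```

Replaying the training window through `detect` produces no alerts, which is the sanity check to run before trusting a learned baseline.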

Strategies for building resilient networks

Building a resilient network requires a strategic approach that blends several components to create a robust defense against cyber threats.

One key strategy is the implementation of a multi-layered defense. This approach involves placing defense mechanisms at various layers of the network architecture. It’s like having security checkpoints at different points along a journey. Firewalls, intrusion detection systems, and encryption protocols are examples of these defense mechanisms.

Each layer adds an additional barrier, making it more challenging for attackers to penetrate the network.

Zero trust architecture

The Zero Trust Architecture takes a departure from the traditional perimeter-based security model. Imagine a medieval castle surrounded by walls; anyone inside the walls is trusted, and anyone outside is considered a potential threat.

The Zero Trust model, on the other hand, operates on the principle of “never trust, always verify.” In this approach, no entity, whether inside or outside the network, is inherently trusted. Every user, device, and application must be verified before being granted access. This concept prevents lateral movement by attackers who manage to breach the perimeter defenses.

Elastic scalability

Elastic scalability is another vital strategy in building resilient networks. In a digital world where traffic patterns can change rapidly, network capacity needs to be flexible. Imagine a bridge that can stretch or shrink based on the number of vehicles crossing it.

Cloud-based solutions offer this elasticity by allowing organizations to scale their network resources up or down as needed. This capability is particularly crucial during unexpected spikes in traffic, such as during major online events or cyberattacks.

Case studies

Let’s dive into some real-world scenarios to understand how resilient networks make a tangible difference.

In the banking and financial sector, data breaches can have severe consequences, not only in terms of financial loss but also the erosion of customer trust. Resilient networks are the foundation of secure online banking and transactions.

In case of an attempted breach, redundant systems ensure that customers can continue accessing their accounts while the threat is contained. Moreover, adaptive monitoring tools can swiftly detect suspicious activities, preventing potential breaches before they escalate.

The healthcare industry holds a treasure trove of sensitive patient data.

Resilient networks are paramount to ensure patient privacy and data integrity. Imagine a hospital’s network segmented into different sections: patient records, medical devices, and administrative systems.

If a cybercriminal gains access to one section, the segmented architecture prevents lateral movement, safeguarding other areas. Additionally, adaptive monitoring tools can identify abnormal patterns in medical device behavior, preventing potential cyberattacks that might impact patient care.
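
The “never trust, always verify” principle described above and the segmented hospital network in this case study can be expressed as one policy check that runs on every request. The following is an added example, not code from the original article; the resource names, groups and the device-posture flag are assumptions for illustration.

```python
# Added example (not from the original article): a per-request policy check in
# the "never trust, always verify" style. Names, groups and the posture flag
# are assumptions for illustration.
from dataclasses import dataclass
from typing import FrozenSet

@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]
    mfa_verified: bool
    device_compliant: bool   # result of an endpoint posture check (assumed service)
    source_segment: str      # e.g. "corp-lan" or "internet"; recorded, never trusted
    resource: str
    action: str

# Constructed policy for the hospital scenario: who may do what in each segment,
# plus the posture every request must carry. There is deliberately no rule of
# the form "allow anything coming from corp-lan".
POLICY = {
    "patient-records": {"allow": {"read": {"clinicians"}, "write": {"clinicians"}},
                        "require_mfa": True, "require_compliant_device": True},
    "medical-devices": {"allow": {"read": {"biomed"}, "write": {"biomed"}},
                        "require_mfa": True, "require_compliant_device": True},
    "admin-systems":   {"allow": {"read": {"finance", "hr"}, "write": {"finance"}},
                        "require_mfa": True, "require_compliant_device": True},
}

def evaluate(req: Request, policy=POLICY):
    """Return ("allow", []) or ("deny", [reasons]). Every check runs on every
    request, so a host that is already inside the network gains nothing from
    its location: it still needs a verified user, a healthy device and a
    group that is authorized for this exact resource and action."""
    rule = policy.get(req.resource)
    if rule is None:
        return "deny", ["no policy for resource (default deny)"]
    reasons = []
    if rule["require_mfa"] and not req.mfa_verified:
        reasons.append("MFA not verified")
    if rule["require_compliant_device"] and not req.device_compliant:
        reasons.append("device posture not compliant")
    if not (req.groups & rule["allow"].get(req.action, set())):
        reasons.append(f"no group authorizes '{req.action}' on '{req.resource}'")
    return ("allow", []) if not reasons else ("deny", reasons)
```

A clinician with MFA and a compliant laptop is allowed from the internet, while a compromised finance workstation sitting on the corporate LAN is denied access to patient records for three independent reasons; that is the lateral-movement block the article describes, enforced by policy rather than by network position.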

Challenges and future trends

As technology advances, so do the techniques used by cybercriminals. Resilient networks must stay ahead of these evolving threats. The use of artificial intelligence (AI) and machine learning (ML) is becoming increasingly prominent in predicting and mitigating attacks.

Think of AI as a digital detective that learns from patterns and can predict potential threats before they materialize. ML algorithms can identify even subtle anomalies that might escape human notice, enhancing the effectiveness of threat detection mechanisms.

The integration of the internet of things (IoT) and 5G networks brings both convenience and challenges. Imagine a smart home with interconnected devices, from thermostats to refrigerators. While these devices offer convenience, they also open up new avenues for cyberattacks.

Resilient networks must evolve to secure these diverse devices, each with its own potential vulnerabilities, and to accommodate the unique challenges these technologies pose.

Best practices for implementing resilient networks

To reap the benefits of resilient networks, organizations should follow several best practices:

  • Regular security audits and assessments: Conduct routine assessments to identify vulnerabilities and areas for improvement within the network.
  • Employee training and awareness: Train staff about the importance of cybersecurity and their role in maintaining network resilience.
  • Collaboration with security experts: Work with cybersecurity professionals to implement the latest strategies and technologies.
  • Continuous improvement and adaptation: Cyber threats evolve, and so must your network. Regularly update and upgrade your network’s defenses.

Conclusion

Resilient networks stand as the guardians of our digital age, fortifying our interconnected world against the constant barrage of cyber threats. In an era where data breaches can have far-reaching consequences, the significance of network resilience cannot be overstated.

By understanding its components, strategies, and real-world applications, organizations can build a robust cybersecurity architecture that not only defends against attacks but also adapts and recovers when breaches occur.

As technology marches forward, the resilience of our networks will be a decisive factor in determining our ability to navigate the digital landscape safely and securely. Remember, in the realm of resilient networks, preparation is protection, and adaptation is strength.

The post Resilient networks: Building blocks of modern Cybersecurity architecture appeared first on Cybersecurity Insiders.

In today’s digital landscape, businesses are embracing the transformative power of cloud migration. Shifting operations from on-premises systems to cloud environments promises unprecedented benefits in scalability, cost-efficiency, and agility.

However, as organizations venture into these new realms, they must navigate a critical challenge: ensuring data protection throughout the complex process of cloud migration. In this exploration of ensuring data protection in cloud migration, we delve into the crucial considerations, best practices, and future trends that underpin this vital journey.

In the landscape of modern business, the realm of cloud migration beckons, with promises of scalability, cost-efficiency, and agility. Whether you’re doing something like Office 365 migration or any other kind of major cloud data migration, these are always the objectives.

However, amid these promises lies the unrelenting challenge of safeguarding data integrity and security during the intricate migration journey. “Ensuring Data Protection in Cloud Migration” unravels this challenge, offering insights into key considerations, best practices, and future trends that illuminate the path forward. Key highlights include:

  • Understanding migration realms: Differentiating migration approaches sets the stage, from “lift-and-shift” to “re-factoring.”
  • Data protection landscape: Navigating the regulatory landscape ensures compliance amidst the journey’s intricacies.
  • Critical considerations: Encrypting data in transit and at rest forms the bedrock, while access control and anonymization reinforce fortifications.
  • Best practices: Strategic planning, selecting secure cloud providers, and formulating migration strategies are essential navigational tools.
  • Emerging frontiers: Embracing AI-driven threat detection and blockchain’s tamper-proof architecture enhances future data protection.

Understanding cloud migration: Navigating the landscape

Cloud migration involves more than just transferring data; it necessitates a strategic and holistic approach.

The process encompasses different approaches such as “lift-and-shift,” which replicates existing systems to the cloud with minimal changes, “re-platforming,” involving the adaptation of applications for cloud compatibility, and “re-factoring,” the restructuring of applications for optimized cloud performance.

The advantages of cloud migration are undeniable: improved flexibility, reduced operational costs, and the capacity to rapidly scale operations.

However, these benefits come with the responsibility of safeguarding data integrity and security. As you embark on this journey, consider your data as valuable cargo. Much like a skilled captain ensures the safety of precious cargo at sea, your organization must implement robust data protection strategies to secure sensitive information during its voyage to the cloud.

The data protection landscape: Regulatory implications

As data becomes the lifeblood of the modern economy, data protection regulations have emerged to govern its flow and use.

Regulations like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA) lay down stringent requirements for the handling and storage of data. Importantly, these regulations apply irrespective of the data’s location, even during the intricate process of cloud migration.

Imagine these regulations as a navigational compass, guiding your data protection efforts during migration. Non-compliance isn’t merely a paperwork issue; it’s a legal and financial risk. Therefore, as you embark on your migration journey, it’s paramount to consider not just the technical aspects but also the legal implications.

This is a journey where compliance and data protection must be intertwined, like the rigging of a ship, to ensure a smooth and secure voyage.

Key data protection considerations: Building your defense

As you prepare for cloud migration, envision yourself as an architect designing a fortress for your data. A thorough risk assessment is the cornerstone of your strategy.

This involves identifying vulnerabilities and potential points of failure that could compromise data security during migration. Much like a well-constructed fortress has sturdy walls, your strategy should be fortified with encryption measures.

Encryption, the process of encoding data to make it unreadable to unauthorized users, safeguards your data both in transit and at rest.

Access control is your virtual moat. Like a castle only accessible through a controlled entry point, you must manage who has access to your data. Role-based access control ensures that users are granted permissions based on their responsibilities, reducing the risk of unauthorized access.

Data masking and anonymization function as your cloak of invisibility. This involves concealing original data with fictional values, preserving its format while rendering it meaningless to anyone without the necessary authorization.
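
The masking described above (fictional values that keep the original format) can be done deterministically, so that a staging copy of the data still joins across tables. The following is an added example, not code from the original post; the masking key is a constructed placeholder that would in practice be held in a key management service and never copied alongside the data.

```python
# Added example (not from the original post): deterministic, format-preserving
# data masking for a migration staging copy. The key is a constructed
# placeholder; in practice it lives in a KMS and is never copied with the data.
import hashlib
import hmac

MASKING_KEY = b"constructed-masking-key-replace-me"

def _digit_stream(key: bytes, value: str):
    """Yield unbiased decimal digits derived from HMAC-SHA256(key, value || counter).
    Bytes >= 250 are rejected so every digit 0-9 is equally likely."""
    counter = 0
    while True:
        block = hmac.new(key, f"{value}|{counter}".encode(), hashlib.sha256).digest()
        for b in block:
            if b < 250:
                yield str(b % 10)
        counter += 1

def mask_digits(value: str, keep_last: int = 0, key: bytes = MASKING_KEY) -> str:
    """Replace the digits of value (card numbers, phone numbers, account ids)
    with key-derived digits, leaving separators and the last keep_last digits
    in place. The same input always maps to the same output, so records that
    referenced each other before masking still line up afterwards."""
    positions = [i for i, ch in enumerate(value) if ch.isdigit()]
    if keep_last:
        positions = positions[:-keep_last]
    digits = _digit_stream(key, value)
    out = list(value)
    for i in positions:
        out[i] = next(digits)
    return "".join(out)

def mask_email(value: str, key: bytes = MASKING_KEY) -> str:
    """Replace the local part with a keyed tag; keep the domain so per-domain
    statistics and routing tests still behave like production."""
    local, _, domain = value.partition("@")
    tag = hmac.new(key, local.encode(), hashlib.sha256).hexdigest()[:10]
    return f"user-{tag}@{domain}"
```

This is masking, not encryption: the original values cannot be recovered from the output, which is the point for a test or analytics copy. Because the mapping is keyed, someone holding only the masked data cannot rebuild the mapping by hashing guesses, as they could with a plain hash.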

Best practices: Navigating the cloud migration waters

Imagine cloud migration as a voyage across uncharted waters. Your success depends on the quality of your map and the skills of your crew. Similarly, comprehensive planning is the cornerstone of a successful migration.

Conduct a thorough assessment of your existing infrastructure, applications, and data. This assessment will help you understand the intricacies of your environment and guide your decision-making process, much like a navigator plotting a course.

Choosing the right cloud service provider is akin to selecting a trustworthy ship captain. Consider factors such as security protocols, compliance certifications, and data protection measures when making your decision.

Don’t just settle for the most economical option; prioritize security and reliability. Once you’ve chosen your vessel, develop a migration strategy that aligns with your business goals. This strategy should outline the sequence of migration, the timeline, and the methods you’ll employ.

Emerging trends: The future of data protection and cloud migration

In the ever-evolving landscape of technology, the realms of data protection and cloud migration continue to expand. Envision this landscape as a canvas where new technologies paint the future.

As data breaches become increasingly sophisticated, the importance of AI-driven threat detection intensifies. Artificial intelligence can analyze vast amounts of data to identify patterns and anomalies, predicting potential breaches before they occur.

Additionally, consider the integration of blockchain technology into the data protection arsenal. Blockchain’s decentralized and immutable nature can enhance data security by providing an unalterable record of transactions and changes.

In the context of cloud migration, blockchain could ensure the integrity of data throughout the process, making it resistant to tampering or unauthorized access.

In conclusion: Upholding data integrity in the cloud

As we conclude this journey into the heart of data protection in cloud migration, envision yourself as a guardian of a precious artifact. This artifact is your data—valuable, irreplaceable, and vulnerable to the challenges of migration.

Navigating the realms of cloud migration demands not only technical prowess but also strategic foresight and a commitment to compliance. Data protection isn’t a one-time task; it’s an ongoing commitment to safeguarding your digital assets in a rapidly changing landscape.

As you embark on your cloud migration voyage, remember that your data’s security is in your hands. Just as a captain ensures the safety of their crew and cargo, your responsibility is to protect your data.

The journey may be complex, but armed with knowledge, strategy, and the right technology, you can navigate the waters of cloud migration while upholding the integrity and security of your most valuable asset—your data.

The post From one realm to another: Ensuring data protection in a cloud migration appeared first on Cybersecurity Insiders.

Approximately 57 cryptocurrency thefts occurred in just the first quarter of 2023, echoing similarly disastrous results in 2022, when fraudsters relied on a wide variety of techniques to steal $3.8 billion in cryptocurrency. The perception of vulnerabilities in blockchain-based currency has led to a dramatic drop in the total value of cryptocurrency, whose worth has fallen from over $2 trillion at the beginning of 2022 to just over $820 billion by the end of that year. Attacks range from confidentiality breaches to compromised “smart contracts,” leading to a need to redefine the nature of digital security. Below are just a few of the biggest threats to watch out for.

Threats towards consensus protocols

Consensus protocols are in place to prevent any single party from controlling an entire blockchain. Multiple participants must reach agreement on what the blockchain should contain at a given moment. All consensus protocols require numerous security features in order to protect themselves against ARP and DDoS attacks. Address Resolution Protocol (ARP) spoofing tricks devices into sending messages to the attacker instead of the intended destination. Distributed Denial of Service (DDoS) attacks, on the other hand, are malicious attempts to disrupt a target’s network traffic by overwhelming it with a flood of internet traffic.
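
ARP spoofing, mentioned above, is detectable from the defender’s side because it forces an IP address to be claimed by a MAC address other than the one previously seen. The following is an added example, not code from the original post: two checks run over a constructed list of ARP replies rather than live traffic, the second using a static binding table in the spirit of Dynamic ARP Inspection.

```python
# Added example (not from the original post): two defender-side checks for ARP
# spoofing, run over a constructed list of ARP replies rather than live traffic.

# (timestamp, sender IP, sender MAC) as a switch or sensor would log them.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1",  "aa:bb:cc:00:00:01"),  # gateway
    (2.0, "10.0.0.25", "aa:bb:cc:00:00:25"),  # workstation
    (3.0, "10.0.0.1",  "AA:BB:CC:00:00:01"),  # gateway again, only the case differs
    (4.0, "10.0.0.1",  "de:ad:be:ef:00:99"),  # gateway IP now claimed by another MAC
    (5.0, "10.0.0.1",  "de:ad:be:ef:00:99"),
]

# Constructed static bindings for hosts that must never change MAC (the same
# idea as the trusted table behind Dynamic ARP Inspection on managed switches).
PROTECTED_BINDINGS = {"10.0.0.1": "aa:bb:cc:00:00:01"}

def find_mac_changes(replies):
    """Return (timestamp, ip, previous_mac, new_mac) whenever an IP is claimed
    by a different MAC than last seen. A legitimate NIC replacement also
    fires, so treat hits as alerts to triage rather than proof of attack."""
    last_seen = {}
    changes = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        prev = last_seen.get(ip)
        if prev is not None and prev != mac:
            changes.append((ts, ip, prev, mac))
        last_seen[ip] = mac
    return changes

def find_binding_violations(replies, bindings=PROTECTED_BINDINGS):
    """Return (timestamp, ip, mac) for every reply that contradicts a static binding."""
    return [(ts, ip, mac.lower()) for ts, ip, mac in replies
            if ip in bindings and mac.lower() != bindings[ip].lower()]
```

The first check needs no prior knowledge and catches the moment an address changes hands; the second keeps alerting for as long as the wrong binding persists, which matters for gateways and other hosts whose MAC should be pinned.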

Privacy and confidentiality breaches

Blockchains are also vulnerable to the exposure of private and sensitive data. They are designed to be transparent, providing users with as much knowledge about their transaction as possible. However, attackers can take advantage of this transparency, and access and share confidential information. Part of the appeal of digital currencies is the anonymity of participants. The possibility of tracing transactions to individuals results in the disclosure of private information, disincentivizing users from utilizing digital currencies instead of their physical counterparts. 

Private key improvisation

In cryptocurrency, keys are used to authorize transactions, access wallets, and prove ownership of assets. They are encrypted to protect users from theft and unauthorized access to their funds. However, some 23 private keys with a total value of over $900 million were compromised in 2022. The two main ways in which keys are illegitimately accessed are through social engineering and malicious software. For example, keyloggers record every single input that users make with their keyboard. When a user types their private key while a keylogger is active on their device, the hacker obtains access to it.

Risks during exchanges

Cryptocurrency exchange platforms allow users to purchase and sell digital assets. They function as a “middleman”, connecting two users in a trade. This makes them one of the most common targets for cybercriminals, as is evident in the relatively recent FTX hacking claims, in which this exchange claimed that almost $0.5 billion had been removed in unauthorized transactions. Although this type of attack is rare, cybercriminals have intercepted transactions in the past, replacing existing exchange platforms, so that funds are transferred to them instead of to authorized recipients.

Cybercriminals can also create outright fake platforms that disguise themselves as authentic applications with fake reviews and offers. When partaking in a digital trade, make sure you use secure cryptocurrency exchange services. The anonymity regarding blockchains makes it exceptionally difficult to track cybercriminals and seek justice. 

Defects in smart contracts

Smart contracts on the blockchain are apps that complete each side of a transaction. Those involving fund transfers can include a third party that verifies that the transfer took place successfully. They are based on templates, however, meaning that they cannot be amended for a particular use. Their code is extremely complex, making it near impossible to identify potential security risks. This can be seen as a benefit and a drawback since it is more difficult to discover vulnerabilities as a hacker and as a coder. 

Cybersecurity and blockchain

Cybersecurity has proven itself to be a core feature of the blockchain, since the increase in cryptocurrency attacks has led to a colossal drop in the value of digital currencies. Features such as consensus protocols, implemented to make the blockchain safer, have become weak points themselves and have facilitated access to private and sensitive information. Cybercriminals are also infecting devices with malicious software to illegitimately access private keys and wallets. 

The post Top blockchain Cybersecurity threats to watch out for appeared first on Cybersecurity Insiders.

Introduction:

In the world of digital forensics, where experts meticulously analyze digital evidence to uncover the truth, a counterforce known as “antiforensics” seeks to conceal, manipulate, or destroy this evidence. Antiforensics techniques aim to evade detection and analysis, posing a significant challenge for forensic investigators. In this comprehensive blog, we will explore the realm of antiforensics, understand its techniques, and discuss strategies to effectively defend against them.

Understanding antiforensics: A cloak for digital misdirection

Antiforensics techniques encompass a variety of strategies employed to hinder or thwart digital forensic investigations. These techniques can involve altering timestamps, wiping data, encryption, and even using steganography to hide information within seemingly innocuous files.

Types of antiforensics techniques

Data deletion and overwriting:

Deliberately deleting files or overwriting them with random data can make recovery difficult, if not impossible, for investigators.

Encryption and steganography:

Encrypting files or concealing data within other files using steganography techniques can effectively obfuscate sensitive information.

Metadata manipulation:

Altering file metadata, such as timestamps, can disrupt the timeline of events and mislead investigators.

File fragmentation:

Splitting files into fragments and scattering them across a storage device can impede reconstruction efforts.

Memory scrubbing:

In-memory data, such as passwords or encryption keys, can be erased to prevent their extraction by forensic tools.

Defending against antiforensics techniques: Strategies to employ

Early detection is key:

Promptly identifying signs of antiforensics techniques is crucial. Unusual data patterns, inconsistencies in timestamps, or suspicious file alterations can all be indicators.

Comprehensive backups:

Regularly back up data to remote and secure locations. This reduces the impact of data loss or tampering attempts.

Cryptographic hashes and signatures:

Utilize cryptographic hashes and digital signatures to verify the integrity of files. Any alteration will be immediately detectable.
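
A list of file hashes only helps if the list itself cannot be rewritten by whoever altered the files, so the integrity record needs its own authentication. The following is an added example, not code from the original post: a manifest of SHA-256 hashes whose canonical form is covered by an HMAC under a constructed key (a digital signature with an offline-held private key is the stronger variant of the same idea).

```python
# Added example (not from the original post): a hash manifest that is itself
# authenticated, so tampering with files and regenerating the hash list are
# both detectable. MANIFEST_KEY is a constructed placeholder.
import hashlib
import hmac
import json

MANIFEST_KEY = b"constructed-manifest-key-keep-offline"

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _canonical(entries: dict) -> bytes:
    # Sorted keys and fixed separators so the MAC is independent of dict order.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()

def build_manifest(files: dict, key: bytes) -> dict:
    """files maps path -> bytes. Returns {"entries": {path: sha256}, "mac": hex}.
    The MAC covers the canonical entries, so an attacker who can rewrite
    files cannot simply regenerate the hash list as well."""
    entries = {path: sha256_of(content) for path, content in sorted(files.items())}
    mac = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "mac": mac}

def verify_manifest(files: dict, manifest: dict, key: bytes):
    """Return (manifest_authentic, findings). findings lists modified, missing
    and unexpected paths; if manifest_authentic is False the findings are
    still reported but cannot be trusted, because the baseline itself was
    altered or was produced with a different key."""
    expected = hmac.new(key, _canonical(manifest["entries"]), hashlib.sha256).hexdigest()
    authentic = hmac.compare_digest(expected, manifest["mac"])
    findings = []
    for path, digest in manifest["entries"].items():
        if path not in files:
            findings.append(f"missing: {path}")
        elif sha256_of(files[path]) != digest:
            findings.append(f"modified: {path}")
    for path in files:
        if path not in manifest["entries"]:
            findings.append(f"unexpected: {path}")
    return authentic, findings
```

For a real deployment the manifest and key are produced at a known-good point in time and stored away from the monitored host; the verification then runs from clean media so that the hashing tool itself is not one of the altered files.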

Timestamp analysis:

Investigate timestamps thoroughly to identify discrepancies. This can involve cross-referencing with network logs and other data sources.
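
One concrete form of the timestamp analysis above, on NTFS, is to compare the $STANDARD_INFORMATION times (which user-mode tools can rewrite) with the $FILE_NAME creation time (which only the kernel sets on create or rename) and with the time the evidence was acquired. The following is an added example, not code from the original post; the records, paths and times are constructed, and a real run would take its input from an MFT parser.

```python
# Added example (not from the original post): NTFS timestamp consistency checks
# over constructed MFT records. Real input would come from an MFT parser; the
# paths and times below are made up.
from datetime import datetime, timezone

def ts(iso: str) -> datetime:
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)

# Each record carries the $STANDARD_INFORMATION (si_*) times, which user-mode
# tools can rewrite, and the $FILE_NAME (fn_*) creation time, which only the
# kernel updates on create/rename and which timestamp-altering tools usually miss.
SAMPLE_RECORDS = [
    {"path": r"C:\Users\a\report.docx",
     "si_created":  ts("2023-05-02T09:15:22.473911"),
     "si_modified": ts("2023-05-02T10:01:03.117302"),
     "fn_created":  ts("2023-05-02T09:15:22.473911")},
    {"path": r"C:\Windows\Temp\svc.exe",
     "si_created":  ts("2019-01-01T00:00:00.000000"),   # backdated
     "si_modified": ts("2019-01-01T00:00:00.000000"),
     "fn_created":  ts("2023-05-02T11:42:07.881204")},  # kernel's record of creation
]
ACQUIRED_AT = ts("2023-05-03T08:00:00")  # when the image was taken

def timestamp_anomalies(records, acquired_at=ACQUIRED_AT):
    """Return [(path, [reasons])] for records whose timestamps contradict each
    other or the acquisition time. Zeroed sub-second fields also occur
    legitimately (archive extraction, some installers), so corroborate with
    event logs, prefetch or the $UsnJrnl before drawing conclusions."""
    findings = []
    for r in records:
        reasons = []
        if r["si_created"] < r["fn_created"]:
            reasons.append("$SI creation precedes $FN creation")
        if r["si_created"].microsecond == 0 and r["si_modified"].microsecond == 0:
            reasons.append("$SI timestamps have zero sub-second precision")
        if max(r["si_created"], r["si_modified"]) > acquired_at:
            reasons.append("timestamp lies after acquisition time")
        if reasons:
            findings.append((r["path"], reasons))
    return findings
```

Each reason is a lead, not a verdict: the cross-referencing with network logs and other sources that the post recommends is what turns a flagged record into a finding.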

Memory analysis:

Memory forensics can help uncover volatile data that might have been wiped or hidden. Investigating memory dumps can yield critical information.

File carving:

Implement file carving techniques to recover fragmented or partially deleted files. This can aid in reconstructing altered data.

Monitoring for anomalies:

Deploy intrusion detection systems (IDS) and security information and event management (SIEM) tools to monitor for unusual behavior or unauthorized access.

Continuous adaptation: The Forensics vs. antiforensics battle

The battle between digital forensics and antiforensics is an ongoing struggle. As forensic techniques evolve, so do antiforensics tactics. It’s crucial to acknowledge that there is no one-size-fits-all solution. Effective defense requires vigilance, technological expertise, and the ability to adapt to emerging challenges.

Conclusion: Navigating the complex terrain

The world of antiforensics is a complex and evolving landscape that challenges digital forensic experts. Understanding various antiforensics techniques and employing strategic defense mechanisms can tilt the balance in favor of the defenders. By staying vigilant, continuously updating skills, and adopting a holistic approach to digital security, professionals can effectively counter antiforensics tactics. This can help to ensure that the truth behind digital incidents can be unraveled, regardless of the tactics employed to obscure it.

The post Unmasking antiforensics techniques: Strategies for effective defense appeared first on Cybersecurity Insiders.

Cybersecurity threats refer to malicious activities conducted over digital networks, targeting systems, devices, and data. These threats encompass a wide range of attacks, from stealing sensitive information and spreading malware to disrupting critical infrastructure.

And their impact extends beyond technical realms. They can and regularly do affect individuals, businesses, and society at large.

Individuals face risks of identity theft, financial loss, and invasion of privacy.

Businesses can suffer from data breaches, financial damages, and reputational harm. Societal consequences include compromised infrastructure, erosion of trust in digital systems, and potential disruptions to essential services.

As technology becomes increasingly integrated into our lives, understanding and addressing cyber threats is crucial for safeguarding personal, economic, and societal well-being.

The cat and mouse game will never end, and it’s important to not only be aware of where the good guys stand but what to expect while running your business and trying to stay safe.

The dynamic nature of cyber threats

The dynamic nature of cyber threats lies in their continuous evolution and adaptation. Cybercriminals are relentless in their pursuit of new vulnerabilities, techniques, and tools to breach systems and compromise data.

In response, cybersecurity experts are in a constant race to anticipate and counter emerging threats.

They develop advanced security protocols like cloud penetration testing, analyze attack patterns, and collaborate to share threat intelligence. This ongoing battle is marked by innovation on both sides.

What cybersecurity pros have at their disposal

Cybersecurity professionals employ artificial intelligence, machine learning, and behavioural analytics to predict and detect threats, while cybercriminals use sophisticated social engineering and encryption techniques to evade detection.

This tug-of-war highlights the necessity of a proactive approach to cybersecurity. As threats evolve, defenders must not only address current vulnerabilities but also anticipate future attack vectors.

The rapid pace of technological change means that cybersecurity is not a one-time investment, but an ongoing commitment to staying updated, adapting strategies, and collaborating across sectors to safeguard digital ecosystems.

The evolution of cyber threats

The cyber threats that your business is likely to face in the 2020s are much different and far more insidious than they were back in the early days of the internet.

The early days

We have gone from:

  • Viruses and worms: In the early days of computing, viruses and worms were the first types of cyber threats. They spread through infected files and email attachments, causing damage or disruption to systems.
  • Malware: As technology advanced, so did malware. This category includes various types, such as Trojans, which masquerade as legitimate software, and keyloggers, which record keystrokes to steal sensitive information.

Current threats

What businesses and individuals must contend with now is shocking and, if you haven’t been following the industry and cyber threat landscape, very frightening.

Contemporary threats include:

  • Phishing and social engineering: With the rise of the internet, cybercriminals shifted to tactics that exploit human psychology. Phishing attacks trick users into revealing personal information or clicking on malicious links.
  • Ransomware: This marked a significant turning point. Ransomware encrypts victims’ data, demanding a ransom for its release. It has become a profitable business model for cybercriminals.
  • Advanced Persistent Threats (APTs): APTs involve sophisticated, targeted attacks by well-funded and organized actors, often nation-states. These attacks are long-term, stealthy, and aim to steal sensitive data or intellectual property.

The threats themselves

Not only have the threats themselves changed, but the motivations have evolved along with the technology and capabilities of the criminal and other actors who are behind most major attacks.

Motivations behind cyber-attacks: Cyber-attacks are motivated by a range of factors:

  • Financial gain: Many attacks, including ransomware, aim to generate profits. Cybercriminals exploit vulnerabilities for monetary rewards.
  • Political motives: Nation-states engage in cyber espionage to gather intelligence, influence global politics, or gain a competitive advantage.
  • Espionage: Corporate espionage involves stealing trade secrets, intellectual property, or confidential business information.
  • Activism: Hacktivists target organizations or institutions to promote a political or social cause, often using cyber-attacks to disrupt operations or spread their message.

What’s more, there has been a shift to organized groups and nation-states. Over time, cyber-attacks moved from isolated efforts to coordinated endeavours.

These include:

  • Organized cybercrime: Cybercriminals formed networks and syndicates, sharing resources, tools, and expertise. This led to the commercialization of cybercrime through the sale of hacking tools and services in underground markets.
  • Nation-state actors: State-sponsored cyber-attacks escalated, with governments using their resources to conduct espionage, sabotage, and information warfare. Notable examples include Stuxnet, an attack on Iran’s nuclear facilities attributed to the U.S. and Israel.
  • Hybrid threats: Some attacks blur the line between cybercrime and state-sponsored actions. Cybercriminals may collaborate with or be co-opted by nation-states to achieve mutual goals.

This evolution showcases the increasing sophistication of both cyber threats and the actors behind them. The digital realm has become a battleground for various motives, making it essential for cybersecurity experts to stay ahead of these dynamic threats and adapt their strategies accordingly.

The role of cybersecurity experts

Naturally, as with any criminal activity and the illicit economies built around them, a cat-and-mouse game takes shape in which criminals discover and implement new techniques that cybersecurity experts must then understand, react to, and stop.

The battle between cybercriminals and cybersecurity experts is akin to a cat-and-mouse game, where each side continually tries to outmaneuver the other.

Cybercriminals are driven by the potential rewards of their malicious activities, while cybersecurity experts are dedicated to preventing breaches and minimizing damages. This game is characterized by constant innovation and adaptation, as both sides seek to gain an upper hand.

Adaptive techniques of cybercriminals: Cybercriminals exhibit remarkable adaptability to overcome defenses:

  1. Polymorphic malware: They use techniques that change the appearance of malware with each iteration, making it difficult for traditional signature-based antivirus solutions to detect them.
  2. Zero-day exploits: These are vulnerabilities unknown to the vendor. Cybercriminals exploit them before patches are developed, leaving systems exposed.
  3. Evasion tactics: Cybercriminals manipulate code to evade detection by intrusion detection systems, firewalls, and sandboxes.
  4. Social engineering: Techniques like spear-phishing and pretexting manipulate human behavior to compromise systems.
  5. Ransomware evolution: Ransomware-as-a-Service (RaaS) platforms allow less-skilled criminals to use sophisticated ransomware, while “double extortion” adds pressure by threatening data leakage.

How the cybersecurity industry has responded

To counter these evolving threats, cybersecurity experts employ proactive strategies.

Threat intelligence

This involves gathering and analyzing data to understand cybercriminal tactics, techniques, and procedures (TTPs). This helps in predicting and preempting attacks.

Advanced analytics

By monitoring network traffic and behaviours, experts identify anomalies and patterns that signify potential threats.

AI and machine learning

These technologies enable the identification of abnormal behaviours that may indicate an attack. They learn from historical data and adapt to new attack methods.

Behavioral analysis

Experts assess how users, applications, and systems typically behave, allowing them to identify deviations that might indicate compromise.

Red teaming and penetration testing

By simulating attacks, experts uncover vulnerabilities and weaknesses in defences before cybercriminals can exploit them.

Collaboration

Sharing threat intelligence within the cybersecurity community strengthens the collective defence against emerging threats.

Continuous training

Cybersecurity professionals constantly update their skills and knowledge to stay current with the evolving threat landscape.

Wrapping up

The cat-and-mouse game between cybercriminals and cybersecurity experts underscores the relentless nature of the cybersecurity battle. As one side develops new tactics, the other responds with innovative defence mechanisms.

This dynamic cycle highlights the need for a multi-faceted approach to cybersecurity, combining technological advancements, human expertise, and collaborative efforts to effectively protect digital ecosystems from the ever-evolving array of cyber threats.

The post The cat and mouse game: Staying ahead of evolving cybersecurity threats appeared first on Cybersecurity Insiders.

Quantum computers are changing the cryptography rules

Under Data Encryption, the CISA Zero Trust Maturity Model v2.0 cites the criticality of “cryptographic agility” on the third (out of four) level of maturity. Cryptographic agility is the ability to change the underlying cryptographic algorithms in applications and communications channels. I believe this highlights the importance for organizations to be able to pivot their encryption algorithms to a post-quantum cryptographic world. As quantum computing becomes more widely available, strong encryption becomes easier to crack.
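
Cryptographic agility as defined above is mostly a data-format and policy question: the algorithm and key identifiers must travel with every protected object, and a central registry must decide which algorithms may issue new protections, which are only accepted for verification, and which are refused. The following is an added example, not code from the article or from CISA, using HMAC as the primitive; the algorithm names, policy states and keys are constructed for illustration.

```python
# Added example (not from the article or from CISA): a small crypto-agile
# integrity envelope. The algorithm id and key id travel with the tag, and a
# registry decides which algorithms may issue new tags, which are accepted only
# for verification, and which are refused. Keys and names are constructed.
import hashlib
import hmac

# algorithm id -> (hash constructor, policy status)
ALGORITHMS = {
    "hmac-sha256":   (hashlib.sha256,   "current"),
    "hmac-sha3-256": (hashlib.sha3_256, "current"),
    "hmac-sha1":     (hashlib.sha1,     "legacy"),     # verify only, re-issue on sight
    "hmac-md5":      (hashlib.md5,      "forbidden"),  # never accepted
}
DEFAULT_ALG = "hmac-sha256"
KEYS = {"k1": b"constructed-key-1", "k2": b"constructed-key-2"}  # key id -> secret

def can_issue(alg: str) -> bool:
    return alg in ALGORITHMS and ALGORITHMS[alg][1] == "current"

def compute_tag(alg: str, key: bytes, data: bytes) -> str:
    return hmac.new(key, data, ALGORITHMS[alg][0]).hexdigest()

def protect(data: bytes, key_id: str = "k1", alg: str = DEFAULT_ALG, keys=KEYS) -> str:
    """Issue an envelope 'alg$key_id$tag'. Refuses non-current algorithms so a
    stale caller cannot quietly keep producing weak tags."""
    if not can_issue(alg):
        raise ValueError(f"{alg} may not be used for new protections")
    return f"{alg}${key_id}${compute_tag(alg, keys[key_id], data)}"

def verify(token: str, data: bytes, keys=KEYS):
    """Return (valid, status). status is the policy state of the algorithm the
    token was made with, so callers can re-issue 'legacy' tokens."""
    try:
        alg, key_id, tag = token.split("$")
    except ValueError:
        return False, "malformed"
    if alg not in ALGORITHMS or key_id not in keys:
        return False, "unknown"
    status = ALGORITHMS[alg][1]
    if status == "forbidden":
        return False, status
    valid = hmac.compare_digest(compute_tag(alg, keys[key_id], data), tag)
    return valid, status

def reissue_if_needed(token: str, data: bytes, keys=KEYS) -> str:
    """Migration helper: verify, then rewrite anything not issued under a
    current algorithm. Changing DEFAULT_ALG is the only edit an algorithm
    swap needs; stored data is upgraded as it is touched."""
    valid, status = verify(token, data, keys)
    if not valid:
        raise ValueError(f"token rejected ({status})")
    return token if status == "current" else protect(data, keys=keys)
```

The same envelope shape carries over to signatures and to key encapsulation once post-quantum algorithms are registered: the registry gains a new “current” entry, the old one is demoted to “legacy”, and data is migrated as it is read rather than in one risky cut-over.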

In August 2016, NIST published a request for comment on requirements and criteria for submission for nominations for Public-key Post-quantum Cryptographic (PQC) Algorithms. That means that 7 years ago, the hunt for PQC algorithms started. In 2024, this is expected to be finalized. However, there are steps that organizations should be taking now to prepare for this. To understand why PQC is so important, it is important to follow the evolution of public-key cryptography.

Public-key cryptography

Public-key cryptography is what allows secure connections such as over the Internet. Without these secure connections, there would be no online banking, shopping, or private messaging. Public-key cryptography relies on algorithms that are essentially unbreakable with today’s technology.

This wasn’t always the case. As computers became more powerful, older algorithms became more susceptible to brute-force attacks. For instance, RC5-64 was cracked in just under 5 years using 2002 technology (essentially an Intel Pentium II running Windows NT) by groups of people donating personal computer cycles. Comparing current technology with that of 2002, we can throw so much processing power at the problem, including capacity rented from a cloud provider, that the auto-generated summary from that comparison link is astonishing:

“In single core, the difference is 8100%. In multi-core, the difference in terms of gap is 42425%.”

This is one of the reasons we moved from SSL to TLS 1.0 and have continued to advance to TLS 1.3. Older legacy algorithms are deprecated and no longer in use.

Public-key cryptography isn’t just used by web servers for SSL/TLS. It is also used to secure email, SSH/SFTP connections, digital signatures, cryptocurrencies, and anywhere PKI (Public Key Infrastructure) is used, including Microsoft Active Directory. If the current set of algorithms can be broken by brute-force attack, the Internet could collapse; this would have a devastating effect on the global economy and even reduce the effectiveness of military communications.

Fortunately, with many current “classical” technologies, we have been able to add more bits to algorithms to make them harder to break, making brute-force attacks more difficult over time. For instance, SHA-2 went from 224 to 256 to 384 all the way to 512 bits before being largely replaced by SHA-3, which is more secure with the same number of bits. At least, this was the path forward before quantum computing became a new viable way to crack these legacy algorithms.

What is a quantum computer?

You may be familiar with Diffie-Hellman key exchange, the RSA (Rivest-Shamir-Adleman) cryptosystem, and the elliptic curve cryptosystems currently in use today. The security of these depends on the difficulty of certain number-theoretic problems, such as integer factorization or the discrete logarithm problem over various groups.

In 1994, Shor’s algorithm was developed; it can efficiently solve each of these problems. However, the algorithm relies on a completely different architecture: quantum computers. In the last 29 years, work has progressed not only on new quantum algorithms but on the actual hardware to run them on (initial quantum computers were emulated using classical computers and were very slow). Recently, Google developed a 70-qubit quantum computer. A qubit is the quantum-computer equivalent of a classical computer’s 1s and 0s, and more qubits mean a more powerful system. This Google system, called the Sycamore quantum computer, can solve a complex benchmark in a few seconds. The world’s current fastest classical supercomputer, called Frontier from Hewlett Packard, would take 47 years on that same benchmark.
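To make concrete why Shor's algorithm threatens RSA, here is a classical simulation of its number-theoretic core, added as an example and not taken from the post. It factors toy moduli by period finding and recovers an RSA private exponent from the public key alone; the period search is the one step that is exponential classically and polynomial on a quantum computer, and every number used is a constructed toy value.

```python
"""Classical simulation of the arithmetic at the core of Shor's algorithm.

Added example, not code from the post.  Every step here runs on a
classical CPU; the only step a quantum computer accelerates is
find_period(), written below as a brute-force loop whose cost grows
with the period.  That loop is exactly why classical machines cannot
factor RSA-size moduli, and why Shor's polynomial-time period finding
breaks RSA.  All numbers are toy sizes constructed for illustration.
"""
from math import gcd


def find_period(a, n):
    """Smallest r > 0 with a**r % n == 1; brute force stands in for
    the quantum period-finding circuit."""
    x, r = a % n, 1
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, a):
    """Split n using the period of a mod n; return sorted (p, q) or
    None when this base fails (odd period or a**(r/2) == -1 mod n),
    in which case Shor simply retries with another base."""
    g = gcd(a, n)
    if g != 1:                      # lucky guess: a already shares a factor
        return tuple(sorted((g, n // g)))
    r = find_period(a, n)
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p = gcd(y - 1, n)               # y*y == 1 mod n with y != +-1 forces a split
    return tuple(sorted((p, n // p))) if 1 < p < n else None


def recover_rsa_private_exponent(n, e):
    """From an RSA public key (n, e) alone, recover the private d:
    once n = p*q is known, phi(n) and d = e**-1 mod phi(n) follow."""
    for a in range(2, n):
        factors = shor_factor(n, a)
        if factors:
            p, q = factors
            return pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("no base split n (is n a prime or a prime power?)")
```

Note that base 2 fails for n = 3233 (its half-period power is -1 mod n) and the loop moves on to base 3, which is the retry behaviour Shor's algorithm relies on.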

While this is a highly specific test, it did demonstrate “quantum supremacy”: quantum computers can outpace classical computing systems. If you are not concerned because these computers are expensive, know that cloud providers already have offerings you can use today: Azure Quantum, IBM and AWS Braket let you rent time at under $100 an hour. Google Quantum Computing Service appears to only allow access from an approved list, not (yet) giving access to the public. Recently, the Gemini Mini, a 2-qubit quantum computer, became available to buy directly for about $5,000. This is not a powerful machine but could be used to invisibly develop and test malicious quantum software.

However, the future is clear: Quantum computing breaks the current cryptographic algorithms.

What is a PQC and why do I need to use it?

Post-quantum Cryptography (PQC) is based on algorithms that will resist both classical and quantum computers. Since the current algorithms are not PQC, they are going to be targeted by bad actors and anything using them will no longer be effectively encrypted.

While quantum computers are still in their infancy, you might think you can sit back and, when they go mainstream, simply move to a PQC algorithm once the risk becomes high enough. However, there is a need to move to PQC as soon as possible: any encrypted data, such as Internet transmissions, can be stored now and decrypted later. Organizations must assume that anything using current encryption algorithms should be treated as cleartext.

Using PQC then establishes a line in the sand: even if transmissions are recorded or encrypted drives are stolen, they cannot be decrypted by quantum computers or classical supercomputers. Backups using old algorithms? Assume they are cleartext and erase them. Any secrets that were sent over the Internet? Assume they are now in the public domain.

While governments have long isolated communications channels so even encrypted communications are hard to sniff, most private organizations do not – and should strive to move to PQC as soon as possible.

Table 1 from NIST IR 8105 shows the most popular cryptographic algorithms and the impact quantum computers will have on them.

[Image: chart of quantum computing and encryption (Table 1 from NIST IR 8105)]

NOTE: This was published in April 2016.

How should my organization prepare?

Although a PQC algorithm isn’t expected until 2024, organizations should prepare and take steps to make the migration a quick process:

  • Inventory all cryptographic algorithms currently in use.
    • What systems are used?
    • Is this data at rest or in transmission?
  • Prioritize this inventory so that when your organization needs to implement it, the high-risk resources are addressed first – such as Internet-facing systems or systems that house your most sensitive data.
  • Document for each system type the process required to modify the in-use algorithm.
    • Do we need to increase the key length (AES and SHA-2 or SHA-3) or replace the algorithm entirely (RSA, ECDSA, ECDH, DSA)?
    • System updates or PQC algorithm installation
    • Configuration file modification
    • Restarting essential services
    • Testing process to ensure PQC algorithms are preferred/prioritized between systems when they are negotiating which algorithm to use.
  • Review your supply chain and understand where you need third parties to deliver PQC.
    • For instance, if you are running accounting software SaaS, you want to be able to connect to it from your workstation securely. You are reliant on that SaaS to support PQC and should be asking for that as soon as possible. Depending on the risk profile, you may want to address that in any contractual negotiations to help ensure it happens.
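The inventory and prioritization steps above can be turned into a small triage script. The following is an added example, not AT&T's or NIST's tooling: it classifies each inventoried use as "replace" or "enlarge" following the split the list gives (symmetric ciphers and hashes get bigger parameters, public-key algorithms are swapped out) and ranks Internet-facing and sensitive systems first. The minimum sizes, score weights and inventory rows are assumptions constructed for the demo.

```python
"""Added example (not AT&T's or NIST's tooling): triage a cryptographic
inventory for PQC migration.  Per the post, symmetric ciphers and hashes
(AES, SHA-2, SHA-3) need larger key/output sizes; public-key algorithms
(RSA, ECDSA, ECDH, DSA) must be replaced.  Sizes, weights and rows are
assumptions constructed for this demo."""
from dataclasses import dataclass

REPLACE = {"RSA", "ECDSA", "ECDH", "DSA"}            # broken by Shor
MIN_BITS = {"AES": 256, "SHA-2": 384, "SHA-3": 384}   # assumed targets

@dataclass
class CryptoUse:
    system: str
    algorithm: str
    bits: int             # key length, or digest size for hashes
    internet_facing: bool
    sensitive_data: bool
    state: str            # "at-rest" or "in-transit" (inventory question)

def required_action(use):
    """'replace', 'enlarge', 'ok', or 'review' for an unknown algorithm."""
    if use.algorithm in REPLACE:
        return "replace"
    minimum = MIN_BITS.get(use.algorithm)
    if minimum is None:
        return "review"
    return "enlarge" if use.bits < minimum else "ok"

def priority_score(use):
    """Higher is more urgent: a full replacement outranks a parameter bump,
    and Internet-facing or sensitive systems outrank internal ones."""
    weight = {"replace": 40, "enlarge": 20, "review": 10, "ok": 0}
    return (weight[required_action(use)]
            + (20 if use.internet_facing else 0)
            + (20 if use.sensitive_data else 0))

def prioritize(inventory):
    """Return (system, algorithm, action, score) tuples, most urgent first."""
    ranked = sorted(inventory, key=priority_score, reverse=True)
    return [(u.system, u.algorithm, required_action(u), priority_score(u))
            for u in ranked]

SAMPLE = [  # constructed inventory rows for demonstration
    CryptoUse("public-web", "RSA", 2048, True, False, "in-transit"),
    CryptoUse("hr-database", "AES", 128, False, True, "at-rest"),
    CryptoUse("backup-vault", "AES", 256, False, True, "at-rest"),
    CryptoUse("vpn-gateway", "ECDH", 256, True, True, "in-transit"),
    CryptoUse("code-signing", "SHA-2", 256, False, False, "at-rest"),
]
```

Running `prioritize(SAMPLE)` puts the Internet-facing ECDH VPN gateway first and the already-adequate AES-256 backup vault near the bottom, which is the ordering the list's prioritization step asks for.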

These preparation steps should either be added to your normal governance processes or made into a project. Decide if you can use internal resources or if you should bring in a third party like AT&T Cybersecurity to help. In any case, make sure this is on your radar like it now is on mine. Once post-quantum cryptographic algorithms become available, all organizations should be looking to implement them.

Resources to learn more:

DHS: Preparing for Post-Quantum Cryptography Infographic (dhs.gov)

NIST: Report on Post-Quantum Cryptography (nist.gov)

CISA: Quantum-Readiness: Migration to Post-Quantum Cryptography (cisa.gov)

NSA: The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ (defense.gov)

The post Getting ready for a post-quantum world appeared first on Cybersecurity Insiders.