security risks – CyberSecurity Confabulation

Despite the vulnerabilities of proximity technology, many organizations have yet to take steps to transition to more secure credentialing systems. As a result, businesses across industries may unknowingly be putting themselves at heightened risk of costly data breaches and cyber attacks.

Credential technology like proximity cards and readers are widely used for granting access to buildings or facilities. However, the use of proximity cards extends to other critical areas, such as business applications and employee workstations, leaving sensitive information susceptible to interception by unauthorized users.

While navigating the transition from legacy technology can seem daunting, no business can afford the risks posed by leaving critical gaps in their cybersecurity posture unaddressed.

A measured approach to upgrading unencrypted or vulnerable credential technology enables businesses to effectively mitigate instances of unauthorized access while establishing robust credentialing systems for continued protection and efficiency going forward.

The risks of proximity technology

Hackers are constantly evolving tactics to access sensitive data. But over the past 10 years, stolen credentials have remained a factor in nearly a third (31%) of all data breaches.

So, why do hackers continue to rely on this attack strategy?

One reason is that proximity (125 kHz) cards are particularly susceptible to tampering due to their low frequency and lack of encryption. As a result, bad actors can easily clone a card and gain access to secure areas, systems and information.

Instead, it’s best to opt for secure credentials that operate on near-field communication (NFC) technology, such as contactless smart cards and mobile credentials to prevent issues related to tampering. These solutions use advanced encryption technology to protect credentialing data both at rest and in transmission, rendering it unusable to any hackers attempting to reproduce cards and gain unauthorized access.

In some cases, organizations express concern about the cost and operational disruption associated with upgrading their credentialing infrastructure. But consider the alternative: The average cost of a data breach in 2024 surged to $4.88 million, up from an already staggering $4.45 million in 2023.

The potential repercussions — both financial and reputational — of a major breach are far too significant to ignore. And with the right plan in place, initiatives to upgrade to more secure credentials can be tailored to your business’s needs, both now and in the future.

3 strategies for facilitating a seamless upgrade to secure credentials

Cost, disruption and complexity of implementation are legitimate concerns. However, there are several steps you can take to navigate these issues and ensure a smooth transition.

1.Conduct a thorough risk assessment. Before starting any upgrades, review your systems to pinpoint the most critical vulnerabilities.

If you are leveraging proximity technology for multiple functions — like single sign-on, secure printing, and time and attendance — begin with the area that poses the biggest threat in the event of a breach.

In this scenario, single sign-on would likely take priority due to the potential for data theft or compliance violations if unauthorized individuals gain access to networks, business applications, or sensitive information.

By identifying use cases that require more immediate attention, you can address pressing risks first, while still taking a step-by-step approach to implement robust controls across your organization.

2.Consider ease of integration and user experience. As with any organizational decision, it’s important to consider how changes will affect your existing systems and the employee experience.

For instance, certain systems may enable the addition of mobile credentials with minimal friction, making this an ideal addition to your existing security ecosystem. Another factor to assess is the level of support you can expect to receive, both at the vendor level and the manufacturer level. Expert guidance is especially critical if your implementation spans multiple facilities and use cases.

Additionally, consider piloting the use of new authentication methods with a smaller focus group prior to a broader rollout. As employees provide feedback, you’ll have the opportunity to troubleshoot on a smaller scale to prepare for smoother integration for your entire organization.

3.Look for opportunities to future-proof your systems. Going forward, mobile credentials will become increasingly common, both for their security capabilities and enhanced convenience.

While a physical badge can easily be left behind at home, most employees carry their phones with them at all times. And with the rise of features like digital wallets, people are more accustomed than ever to seamless transactions directly from personal devices.

Digital employee badges stored in a smartphone’s digital wallets can be used to access endpoints across your organization, from doors to printers and shared workstations.

Additionally, mobile credentials are not subject to the same level of wear and tear as physical credentials, reducing the need for IT departments to reprovision a card whenever a badge is lost. It also simplifies new employee onboarding because mobile credentials allow IT teams to grant (and retract) permissions remotely.

Beyond security, shifting to mobile credentials can help you keep pace with evolving technology and improve overall efficiencies. As you make the transition, selecting a reader that supports the most common secure physical and mobile credentials will streamline the process and ensure compatibility with both current and future credential types.

Whether you work in healthcare, banking, manufacturing, education or another industry, the need for robust security is universal. With highly secure mobile credential and smart card options available, proximity technology is long overdue for retirement.

Enhancing your credentialing and reader system now will ensure your organization can effectively safeguard its sensitive information and avoid unnecessary damages as cyberthreats continue to evolve.

The post Organizations Can’t Afford to Ignore the Security Risks of Proximity Technology appeared first on Cybersecurity Insiders.

As artificial intelligence (AI) technologies become more prevalent in enterprise environments, chatbots like ChatGPT are gaining popularity due to their ability to assist in customer service and support functions. However, while these chatbots offer numerous benefits, there are also significant security risks that enterprises must be aware of.

One of the main risks associated with ChatGPT is the potential for data breaches. These chatbots can be vulnerable to attacks that allow unauthorized access to sensitive data, such as customer information or financial records. Hackers can exploit vulnerabilities in the chatbot’s programming or the underlying platform to gain access to this information.

Another risk associated with ChatGPT is the potential for social engineering attacks. These attacks involve tricking users into providing sensitive information, such as passwords or login credentials. Chatbots like ChatGPT can be used to deliver phishing messages or other types of social engineering attacks to unsuspecting users.

In addition to security risks associated with external threats, ChatGPT can also pose an internal threat to enterprises. Employees could misuse the chatbot to gain access to information they are not authorized to see or to perform unauthorized actions within the enterprise’s systems.

Furthermore, ChatGPT’s use of natural language processing (NLP) technology can create additional security risks. NLP technology allows the chatbot to understand and respond to human language, but it can also be vulnerable to attacks that exploit weaknesses in language processing algorithms. Attackers could use these weaknesses to trick the chatbot into performing unintended actions or revealing sensitive information.

To mitigate these risks, enterprises must implement comprehensive security protocols when using ChatGPT. This can include implementing strong authentication mechanisms, regularly updating and patching the chatbot’s software, and regularly reviewing and monitoring access logs to identify potential threats.

In conclusion, ChatGPT is a powerful tool that can provide significant benefits to enterprises. However, its use also presents significant security risks that must be addressed to protect sensitive data and prevent unauthorized access. By implementing strong security protocols, enterprises can enjoy the benefits of ChatGPT while minimizing the risks associated with its use.

The post The Security Risks of ChatGPT in an Enterprise Environment appeared first on Cybersecurity Insiders.