The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Cyberattacks have become increasingly common, with organizations of all types and sizes being targeted. The consequences of a successful cyberattack can be devastating. As a result, cybersecurity has become a top priority for businesses of all sizes.

However, cybersecurity is not just about implementing security measures. Organizations must also ensure they comply with relevant regulations and industry standards. Failure to comply with these regulations can result in fines, legal action, and damage to reputation.

Cybersecurity compliance refers to the process of ensuring that an organization’s cybersecurity measures meet relevant regulations and industry standards. This can include measures such as firewalls, antivirus, access management and data backup policies, etc. 

Cybersecurity regulations and standards

Compliance requirements vary depending on the industry, the type of data being protected, and the jurisdiction in which the organization operates. There are numerous cybersecurity regulations and standards; some of the most common include the following:

  • General Data Protection Regulation (GDPR)

The GDPR is a regulation implemented by the European Union that aims to protect the privacy and personal data of EU citizens. It applies to all organizations that process the personal data of EU citizens, regardless of where the organization is based.

  • Payment Card Industry Data Security Standard (PCI DSS)

This standard is administered by the Payment Card Industry Security Standards Council (PCI SSC). It applies to any organization that accepts credit card payments. The standard sets guidelines for secure data storage and transmission, with the goal of minimizing credit card fraud and better controlling cardholders’ data.

  • Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a U.S. law that regulates the handling of protected health information (PHI). It applies to healthcare providers, insurance companies, and other organizations that handle PHI.

  • ISO/IEC 27001

ISO/IEC 27001 is an international standard that provides a framework for information security management systems (ISMS). It outlines best practices for managing and protecting sensitive information.

  • NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed by the U.S. National Institute of Standards and Technology. It provides a framework for managing cybersecurity risk and is widely used by organizations in the U.S.

Importance of cybersecurity compliance

Compliance with relevant cybersecurity regulations and standards is essential for several reasons. First, it helps organizations follow best practices to safeguard sensitive data. Organizations put controls, tools, and processes in place to ensure safe operations and mitigate various risks. This helps to decrease the likelihood of a successful cyber-attack.

Next, failure to comply with regulations can result in fines and legal action. For example, under GDPR compliance, organizations can be fined up to 4% of their global turnover.

Finally, organizations that prioritize cybersecurity compliance and implement robust security measures are often seen as more reliable and trustworthy, giving them a competitive edge in the market. It demonstrates that an organization takes cybersecurity seriously and is committed to protecting sensitive data.

How to achieve cybersecurity compliance

Achieving cybersecurity compliance involves a series of steps to ensure that your organization adheres to the relevant security regulations, standards, and best practices:

1) Identify the applicable regulations and standards

The first step is identifying which regulations and standards apply to your organization. This will depend on factors such as the industry, the type of data being protected, and the jurisdiction in which the organization operates.

2) Conduct a risk assessment

Once you have identified the applicable regulations and standards, the next step is to conduct a risk assessment. This involves identifying potential risks and vulnerabilities within your organization’s systems, networks, and processes and assessing their likelihood and impact. This will help you determine the appropriate security measures to implement and prioritize your efforts.

3) Develop and implement security policies, procedures, and controls

Based on the risk assessment results, develop and implement security policies and procedures that meet the requirements of the relevant regulations and standards. This should also include implementing technical, administrative, and physical security controls, such as firewalls, encryption, regular security awareness training, etc.

4) Maintain documentation

Document all aspects of your cybersecurity program, including policies, procedures, risk assessments, and incident response plans. Proper documentation is essential for demonstrating compliance to auditors and regulators.

5) Foster a culture of security

Employees are often the weakest link in an organization’s cybersecurity defenses. Encourage a security-conscious culture within your organization by promoting awareness, providing regular training, and involving employees in cybersecurity efforts.

6) Monitor and update security measures

Cybersecurity threats are constantly evolving. Continuously monitor your organization’s cybersecurity posture and perform regular audits to ensure stable compliance. This may include conducting regular security audits, pen tests, patching software vulnerabilities, updating software, etc.

Cybersecurity compliance expert tips

Proper compliance can be challenging, as implementing and maintaining effective cybersecurity measures requires specialized expertise and resources. Regulations and standards are often lengthy and can be difficult to interpret, especially for organizations without dedicated teams. Many organizations may not have the resources to hire dedicated infosec or legal staff or to invest in advanced security technologies. In addition, the cybersecurity world is constantly evolving, and unfortunately, new threats emerge all the time. To overcome these challenges, you can try several helpful approaches:

Implement a risk-based approach: A risk-based approach involves identifying your organization’s most critical vulnerabilities and threats. Focus your limited resources on addressing the highest-priority risks first, ensuring the most significant impact on your security posture.

Utilize third-party services: Small and medium-sized businesses frequently face budget constraints and lack expertise. Utilizing third-party services, such as managed security service providers (MSSPs), can be an effective solution.

Leverage open-source resources: There are plenty of free and open-source cybersecurity tools, such as security frameworks, vulnerability scanners, encryption software, etc. These can help you enhance your security posture without a significant financial investment.

Utilize cloud-based services: Consider using cloud-based security solutions that offer subscription-based pricing models, which can be more affordable than traditional on-premises security solutions.

Seek external support: Reach out to local universities, government organizations, or non-profit groups that provide cybersecurity assistance. They may offer low-cost or free guidance, resources, or tools to help you meet compliance requirements.

Collaborate with peers: Connect with other businesses or industry peers to share experiences, insights, and best practices related to compliance.  

Final thoughts: Moving towards a security-centric culture

Compliance with cybersecurity regulations and standards is vital but does not guarantee complete protection. Building a culture of security that transcends compliance is essential for safeguarding your organization’s assets and reputation. A security culture focuses on continuous improvement and adaptation to stay ahead of threats, taking a proactive approach to risk management, engaging employees at all levels, and fostering adaptability and resilience.

To build a security-centric culture in your organization, ensure senior leadership supports and champions the importance of security. Provide regular employee training and awareness programs to educate staff about cybersecurity best practices, their roles and responsibilities. Reward employees who demonstrate a strong commitment to security or contribute to enhancing the organization’s security posture. Encourage cross-functional collaboration and open communication about security issues, fostering a sense of shared responsibility and accountability.

The post Navigating the complex world of Cybersecurity compliance appeared first on Cybersecurity Insiders.


In today’s digital age, sensitive information is constantly being shared and transmitted over various electronic devices and networks. Whether it’s personal information like social security numbers, financial information like card details, or business information like trade secrets and client data, it’s important to ensure that this information is kept secure and protected from unauthorized access. One of the most effective ways to do this is through encryption.

Encryption is the process of converting plain text or data into an unreadable format using an encryption algorithm, which can only be deciphered or decrypted by those who have the decryption key. This ensures that if the file or email is intercepted or accessed by unauthorized users, they will not be able to read the information.

In cybersecurity, encryption plays a crucial role in ensuring data confidentiality, integrity, and authenticity. In day-to-day life, encryption is used in various ways to make life easier for the common man. For example, encryption is used in online transactions to protect the user’s financial information from being intercepted and stolen by hackers. Encryption is also used in messaging and email applications to protect the privacy of conversations and messages from being read by unauthorized users.

Why encrypt files and emails?

It is important for computer users to encrypt their files and emails because they may contain sensitive information that could be intercepted or accessed by unauthorized users. Encryption adds an extra layer of security to protect against these risks: even if the information is intercepted by a malicious user, it is unreadable and unusable. This can prevent the loss of sensitive data.

Encryption is also becoming more important for organisations in order to comply with privacy and data protection regulations like GDPR, PCI DSS, and HIPAA. These regulations require businesses to take steps to protect sensitive data, and failure to comply can result in legal and financial penalties. Encrypting emails and files can protect individuals and organisations from cyberthreats such as identity theft and financial fraud, and it ensures the confidentiality and integrity of data.

How to encrypt files:

Here are some steps you can follow to encrypt files:

  • Identify the file you want to encrypt. It can be any file, such as a document, image, or video.
  • Choose the encryption software. Various tools are available alongside the built-in encryption features in Windows and macOS; some popular encryption tools are VeraCrypt, 7-Zip, GnuPG, and AxCrypt. Proceed with the installation of the tool you chose.
  • Browse to the file you want to encrypt in the encryption tool you installed.
  • Choose the encryption algorithm. You can pick from the algorithms offered by the tool, such as AES or Blowfish, according to your needs.
  • The encryption tool will now ask you to create a passphrase or password, which will be used to encrypt and decrypt the file. Choose a strong and complex password. Keep the password safe, since it is the key to decrypting the file, and avoid sharing it with anyone.
  • After choosing the password, start the encryption process within the encryption tool. The time taken to encrypt a file varies with the file size and the encryption algorithm chosen.
  • Once the encryption process is complete, the encrypted file will be saved with a new file extension that depends on the encryption tool used.

By following these steps, you can encrypt your files and protect sensitive information from unauthorized access and interception.

How to encrypt E-mails:

Encrypting emails is another effective way to protect sensitive information from unauthorized access or interception. Here are some steps to follow to encrypt emails:

  • Choose an email encryption tool. Various tools and standards are available, including PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions).
  • Once you have chosen an email encryption tool, install it and configure it to work with your email account by following the steps in the tool’s documentation. Browser and mail-client extensions for PGP and other encryption standards are also available, which make it easier to set up for your email.
  • After setting up email encryption, compose your email as usual. While composing, encrypt it using the tool you chose; this usually involves selecting the option to encrypt the email and choosing the recipient’s public key. Encrypting with the recipient’s public key ensures that the recipient can decrypt the email using their private key.
  • Once the email is encrypted, send it as usual. The recipient will need the corresponding private key to decrypt the email and view its contents.

Encrypting files and emails is a critical tool in protecting sensitive information from unauthorized access, interception, and tampering. By following the steps outlined above, you can ensure that your files and emails are encrypted using strong encryption algorithms and passwords or passphrases, and that your sensitive information is kept secure and protected.
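The file and email procedures above, as an added example that is not taken from the original post, driven from the command line with GnuPG (one of the tools the post names): AES-256 encryption of a file under a passphrase, a check that the wrong passphrase is rejected, then encryption of the same file to a recipient's public key and decryption with the matching private key. It assumes gpg 2.1 or later is installed; the recipient address, passphrase and file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the original post): the file and email
# encryption steps above, run with GnuPG from the shell.
# Assumes gpg (GnuPG 2.1 or later). Recipient, passphrase and file
# contents are constructed for the demo.
set -e

# Throwaway keyring and working directory so the demo never touches
# the user's real keys or files.
WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupghome"
mkdir -p "$GNUPGHOME"
chmod 700 "$GNUPGHOME"

# Constructed sample document standing in for the file to protect.
printf 'constructed sample: quarterly figures, do not forward\n' > "$WORK/report.txt"

# Constructed passphrase; a real one would come from a password manager,
# never from a script.
PASSPHRASE='correct horse battery staple'

# File procedure: passphrase-based (symmetric) AES-256 encryption of $1.
# Output is $1.gpg, the new extension GnuPG appends. A slow key
# derivation (s2k) makes passphrase guessing expensive.
encrypt_file() {
    printf '%s' "$PASSPHRASE" | gpg --batch --quiet --yes \
        --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 --s2k-mode 3 --s2k-count 65011712 \
        --output "$1.gpg" "$1"
}

# Decrypt the .gpg file $1 with passphrase $2 into $3; returns gpg's status.
decrypt_file() {
    rm -f "$3"
    printf '%s' "$2" | gpg --batch --quiet --yes \
        --pinentry-mode loopback --passphrase-fd 0 \
        --output "$3" --decrypt "$1"
}

# Returns 0 only if decrypting with that passphrase reproduces the original bytes.
roundtrip_ok() {
    decrypt_file "$1" "$2" "$WORK/out.txt" 2>/dev/null || return 1
    cmp -s "$WORK/report.txt" "$WORK/out.txt"
}

# Email procedure: the recipient owns a key pair and shares only the public
# half. Both halves live in the same throwaway keyring here.
RECIPIENT='recipient@example.test'   # constructed address
generate_recipient_key() {
    # Idempotent: only generate if the keyring has no key for this address.
    gpg --batch --list-keys "$RECIPIENT" >/dev/null 2>&1 && return 0
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$RECIPIENT" default default never
}

# Encrypt $1 to the recipient's public key; only their private key opens $1.asc.
encrypt_for_recipient() {
    gpg --batch --quiet --yes --trust-model always --armor \
        --recipient "$RECIPIENT" --output "$1.asc" --encrypt "$1"
}

# Recipient side: decrypt $1 with the private key into $2.
decrypt_with_private_key() {
    rm -f "$2"
    gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        --output "$2" --decrypt "$1"
}

# Runs both procedures end to end; returns 0 only if every check holds.
demo() {
    encrypt_file "$WORK/report.txt" || return 1
    # The ciphertext must not contain the plaintext.
    if grep -a -q 'quarterly figures' "$WORK/report.txt.gpg"; then return 1; fi
    roundtrip_ok "$WORK/report.txt.gpg" "$PASSPHRASE" || return 1
    # A wrong passphrase must fail rather than yield plausible output.
    if roundtrip_ok "$WORK/report.txt.gpg" 'wrong passphrase'; then return 1; fi
    generate_recipient_key || return 1
    encrypt_for_recipient "$WORK/report.txt" || return 1
    decrypt_with_private_key "$WORK/report.txt.asc" "$WORK/mail.txt" || return 1
    cmp -s "$WORK/report.txt" "$WORK/mail.txt"
}

cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
}

demo && echo "file and email round trips verified"
```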

The post Encrypting files and emails: A beginner’s guide to securing sensitive information appeared first on Cybersecurity Insiders.

With increased dangers lurking in digital spaces, the need for cybersecurity is now a commonly known fact for just about all business owners.

When it comes to protecting their network, most start with the basic firewall. While added layers are required, there is something even more fundamental that should not be overlooked: the physical connection itself.  It is like making sure you have secure and quality doors and windows prior to putting alarms on them.

So, what type of internet connection is the most secure?

To answer this question, I consulted with Robert Lozanski, a member of AT&T’s Solution Consultant team whose primary role is to design full networking solutions for businesses.  In the following paragraphs, let’s go through the different types of connections and assess the quality – as well as the security level – of each one.

Meet the contenders

First off, it is important to understand the different types of internet connections. The most common ones are copper, fiber, and wireless networks.

Copper: Copper cables are the original internet connections. They transmit data in the form of electrical signals. While this type of connection has been used for years, copper is difficult to maintain, has limited speed options, and degrades with time. As a result, many providers are making a shift away from it.

Cellular: A cellular network provides access to the Internet by transmitting data over the air. The network connects to cellular towers rather than cables in the ground.  While cellular internet has made huge technological advancements with the rollout of 5G, it still has its limitations. Cellular networks currently have lower speed tiers than many wired options – but this may change in the future.

Fiber: Fiber optic internet uses a network of bundled strands of glass called fiber optic cables to deliver internet service through pulses of light. Fiber optics are the newest and most reliable type of internet connections. They also offer the highest speed options.

Assessing the security of the connections

A common way to assess a network is by measuring it against the CIA triad: Confidentiality, Integrity, and Availability. Among the different internet transport types, some are more secure than others because of the way they fulfill the three CIA requirements.  In other words, a secure network will have high levels of confidentiality, integrity, and availability.

As of 2023, 5G wireless connections have security layer options and speeds that make them strong contenders in the networking market. However, wired connections are still the primary choice for businesses prioritizing their internet connections due to wired connection’s reliability and bandwidth availability.

According to Lozanski, “while a cellular network solution is utilitarian for its mobility and flexibility, wired connections still offer an added layer of security because they will provide faster speeds and performance. A cellular connection can perform like a broadband connection with fluctuations throughout the day, but it won’t offer the same speeds.”

Between the two wired connections mentioned, copper and fiber, there is not much competition. With speeds up to 1Tbps, fiber moves at the speed of light and offers availability and reliability that copper wired connections cannot provide. 

However, the search for the most secure connection does not stop there. Even though fiber optic connections are made of glass and move at the speed of light, the way the connection is delivered may vary, and in turn offer different levels of security. The simplest way to break down this difference is to differentiate between a shared and dedicated connection.

A shared connection is where multiple units share the same bandwidth with limited speeds available. This is the type of connection most people picture when they think of Fiber, and it’s becoming an increasingly cost-effective and popular option. Unfortunately, shared fiber is limited in its availability, as it is only available in qualified areas where providers build their infrastructure. Although fiber infrastructure has grown rapidly, there are still places that do not have shared fiber facilities at all. See if you qualify for AT&T shared Fiber here.

A Dedicated Connection, also known as a point-to-point connection, is where the provider builds out a single line of fiber to an individual customer. Unlike shared connections that segment out the bandwidth to neighboring units, a dedicated connection is reserved for a single unit. When using the CIA metric for security, a Dedicated Fiber Circuit comes out on top. Below is the breakdown: 

What makes a Dedicated Fiber Circuit secure?

1. Confidentiality

A secure network is one where the right people have access to needed information, while others are kept out. One highlight of a dedicated connection is that it travels on its own network and is aggregated directly to a wire center. This makes it much harder to hack into as the connection isn’t shared by multiple users. 

Lozanski brought in an example: “A dedicated fiber circuit is extremely private for businesses that host their infrastructure onsite, such as web-hosting servers and email servers. Dedicated internet is an ideal option because it is physically safer.”

It is important to note, however, that while a dedicated circuit may provide some protection on a physical level, the connection still leads to the public internet, and additional layers of cybersecurity are essential to ensure a truly confidential connection. In the event of an attack, a shared connection with the right layers of security would likely fare better than an unprotected dedicated fiber circuit. The physical connection is just the foundation, and using a dedicated circuit on its own does not ensure full privacy.

2. Integrity

The integrity of a network is measured by the accuracy, completeness, and consistency of the data that travels on it. Through his many consultations, Lozanski sees a trend that highlights the importance of a connection with high integrity. He said, “Nowadays, many businesses utilize VoIP (Voice over Internet Protocol). This is data that you don’t want there to be any issue with.”

Instead of using traditional copper landlines to host their calls, businesses use VoIP to put voice data over the internet. While it is more cost effective and boasts numerous benefits, this solution creates a higher reliability on the internet connection.  If the internet is not stable, the data may be disrupted, and the voice quality will go down.

“With AT&T Dedicated Internet, you are able to prioritize mission critical data and you are guaranteed call quality when it comes to VoIP. Dedicated Internet can add a Class of Service component that you cannot get with another type of connection,” Lozanski continued.

3. Availability

If a network is not available to its users, it is simply not secure. The owners of the network need to be able to seamlessly access their resources. Lozanski said, “The piece of the puzzle that differentiates a Dedicated Fiber circuit is that it is the only connection backed up by Service Level Agreements for availability, latency, jitter, and packet loss. While the SLAs may vary per carrier, at AT&T we guarantee 100% availability service level agreements on our Dedicated Fiber Circuits. We will have your internet connection up 24/7, 365 days of the year.”

On a shared connection, multiple users share the same bandwidth. Like traffic on a highway that becomes congested when many cars travel on it at the same time, a shared connection may slow down during peak busy hours. No matter the provider, shared connections run on ‘best effort’ speeds without the same kind of service level agreements. This can result in slower repair time and for many businesses, a loss of revenue and security.

Who are Dedicated Fiber circuits for?

Dedicated Fiber used to be utilized mainly by enterprise-level customers due to the large-scale networking needs of these types of businesses and a higher monthly cost. However, as more businesses move online and increase their digital presence, many find Dedicated Fiber an increasingly enticing option.

Lozanski added, “Generally, any business that needs to prioritize mission-critical data may be interested in a Dedicated Circuit. While the monthly cost may be higher, it is important to also analyze the impact and financial loss the business may incur if their internet is down”. Oftentimes, the additional cost of Dedicated Fiber may be offset by bundling multiple services together.

At the end of the day, no matter the connection you choose, note that the physical connection is only the first layer. While a Dedicated Circuit will provide a solid foundation, it is equally important to consider what is being layered on top of the network to protect it. Cyber threats are only increasing and to be prepared, the first step is to be informed.

Click here to learn more about AT&T Dedicated Fiber and request a free consultation to see if it’s a good fit for your business this year.

The post When internet security is a requirement, look to dedicated fiber appeared first on Cybersecurity Insiders.


The digital landscape is always changing to keep up with a constantly evolving world, and bad actors are also adapting. For every new development in the digital world, cybercriminals are looking to take advantage of weaknesses, so it is important that those concerned with the security of their organization’s network, data, and other assets stay vigilant and on top of trends. Everybody within an organization should work to establish and maintain good cybersecurity habits and measures, but much of the security burden falls on the chief information security officer (CISO). Below are some key insights for any CISO to take into consideration.

Concerns and challenges

Since the beginning of the COVID-19 pandemic three years ago, hybrid and remote working solutions have been rising in popularity. This should be a priority area: according to a report from Malwarebytes, 20% of companies reported that a remote worker had caused a security breach. In comparison, 55% cited training employees in security protocols as a major challenge in transitioning to work-from-home infrastructure. Because the shift to hybrid and remote work happened quickly and with an eye for ease of access over security, employees working offsite can pose a great risk to an organization if not provided with adequate cybersecurity training and policies.

AI and machine learning are also on the rise, increasingly being utilized by businesses and cybercriminals alike. It is important to recognize that while AI enhancements can provide aid, there is no replacement for the human element in developing a cybersecurity strategy. Understanding and deploying AI and machine learning tools can not only help with fraud detection, spam filtering, and data leak prevention, but it can allow a security officer insight into cybercriminals’ use of the tools. Increasing awareness of the criminal toolkit and operations provides an opportunity to get ahead of threat trends and potentially prevent attacks and breaches.

Another major issue is the shortage of qualified cybersecurity professionals leading to a significant struggle with recruitment and retention. In a Fortinet report, 60% of respondents said they were struggling to recruit cybersecurity talent, and 52% said they were struggling to retain qualified people. In the same survey, around two-thirds of organization leaders agreed that the shortage “creates additional risk.” Many factors work in tandem to perpetuate the problem, but the solution doesn’t have to be complicated. Ensuring your employees have a healthy work environment goes a long way, as well as tweaking hiring practices to select “adaptable, highly communicative and curious” people, as these traits make for an employee who will grow and learn with your company.

Tips for improving cybersecurity

One of the top priorities for CISOs should always be to ensure that all employees are properly trained in cyber hygiene and cybersecurity best practices. Insider threats are a serious issue with no easy solution, and a good number of those (more than half, according to one report) are mistakes due to negligence or ignorance. Traditional threat prevention solutions are often concerned with “keeping bad guys out,” and do not protect against those who are already inside the organization.

With hybrid and remote work both expanding the attack surface and hindering enforcement of security policies, it is crucial that all workers, remote or not, understand the role they play in protecting the organization against attacks and data breaches. Companies should also employ the principle of least privilege and implement a zero-trust framework to keep employees from accessing areas of the network that are not necessary for their jobs and lower the chances of either malicious or accidental data breaches.

While the threat landscape is constantly evolving, tried-and-true solutions are still able to cover a lot of ground, so long as security officers and teams are willing to adapt their methods. Many security fundamentals are classics for a reason. It is important to address cybersecurity holistically, rather than as a purely technological issue with technological fixes. Investing in security solutions is just one part of a robust security protocol, which should include not only attack detection and prevention tools, but secure policies from the ground up. Securing networks, devices, data, and other company resources requires many-layered protection.

Perhaps the most important thing for CISOs is ensuring that their voices are heard throughout the company and that cybersecurity is not just an inconvenience for employees to slog through and immediately forget. This means a total culture shift to make every person at every level of the organization understand and respect their own role in keeping data and assets safe. The atmosphere surrounding cybersecurity policies and protocols should be one of cooperation rather than compliance.

Conclusion

Technology and the digital world are on a path of constant, rapid growth that affects every industry and every individual. CISOs, charged with protecting their organizations against cyberattacks and data breaches, face a challenge, especially when employees and fellow executives are not sufficiently informed or involved. It is crucial to remember that every person inside a company is responsible for cybersecurity measures, and every person can cause a data breach through ignorance or negligence. Improving cybersecurity posture while threats are always adapting and following new trends is no easy task, but it is possible with the right tools and practices.

The post CISOs: How to improve cybersecurity in an ever-changing threat landscape appeared first on Cybersecurity Insiders.


Artificial intelligence is the hottest topic in tech today. AI algorithms are capable of breaking down massive amounts of data in the blink of an eye and have the potential to help us all lead healthier, happier lives.

The power of machine learning means that AI-integrated telehealth services are on the rise, too. Almost every progressive provider today uses some amount of AI to track patients’ health data, schedule appointments, or automatically order medicine.

However, AI-integrated telehealth may pose a cybersecurity risk. New technology is vulnerable to malicious actors and complex AI systems are largely reliant on a web of interconnected Internet of Things (IoT) devices.

Before adopting AI, providers and patients must understand the unique opportunities and challenges that come with automation and algorithms.

Improving the healthcare consumer journey

Effective telehealth care is all about connecting patients with the right provider at the right time. Folks who need treatment can’t be delayed by bureaucratic practices or burdensome red tape. AI can improve the patient journey by automating monotonous tasks and improving the efficiency of customer identity and access management (CIAM) software.

CIAM software that uses AI can utilize digital identity solutions to automate the registration and patient service process. This is important, as most patients say they would rather resolve their own questions before speaking to a service agent. Self-service features even allow patients to share relevant third-party data with telehealth systems via IoT devices such as smartwatches.

AI-integrated CIAM software is interoperable, too. This means that patients and providers can connect to the CIAM using omnichannel pathways. As a result, users can use data from multiple systems within the same telehealth digital ecosystem. However, this omnichannel approach to the healthcare consumer journey still needs to be HIPAA compliant and protect patient privacy.

Medicine and diagnoses

Misdiagnoses are more common than most people realize. In the US, 12 million people are misdiagnosed every year. Diagnoses may be even more tricky via telehealth, as doctors can’t read patients’ body language or physically inspect their symptoms.

AI can improve the accuracy of diagnoses by leveraging machine learning algorithms during the decision-making process. These programs can be trained to distinguish between different types of diseases and may point doctors in the right direction. Preliminary findings on narrow, well-defined tasks have reported accuracy as high as 99.5%; such figures apply to the specific task studied and should not be read as a general diagnostic accuracy.

Automated programs can help patients maintain their medicine and re-order repeat prescriptions. This is particularly important for rural patients who are unable to visit the doctor’s office and may have limited time to call in. As a result, telehealth portals that use AI to automate the process help providers close the rural-urban divide.

Ethical considerations

AI has clear benefits in telehealth. However, machine learning programs and automated platforms do put patient data at increased risk of exposure. Additionally, some patients are trying to replace human doctors and therapists altogether with programs like ChatGPT and AI screening apps.

Patients who utilize telehealth apps in lieu of providers must understand the ethical implications of AI healthcare. AI is naturally limited by the data it has been trained on and does not have the same checks and balances as human therapists. Instead of replacing real-life therapy, AI-powered apps should play a back-seat role in providing better, more relevant support.

It’s worth noting that some patients need human interaction. AI may be more efficient, but many patients want to be seen by a real doctor with the ability to empathize with their condition. The human need for connection can even help some patients turn the corner and work towards a healthier, happier life.

AI and Cybersecurity

Cybersecurity is an ever-present concern for healthcare providers across the globe. Patient data is extremely sensitive and cannot be put at risk by faulty algorithms or low-security software. Telehealth apps must be among the most secure platforms to build patient trust and maintain confidentiality.

Unfortunately, the increased adoption of AI means that the risk involved in telehealth is growing. Malicious actors use AI themselves to trawl massive amounts of data and spot security flaws. Telehealth providers must combat scammers and identity fraud by “baking in” security at every step.

Providers can reduce cybersecurity risks by requiring multi-factor authentication at log-in and by expiring sessions on the server when patients are idle. These simple steps decrease the risk of malicious actors gaining access to patient data through a stolen password or an unattended device.
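As an added illustration (not code from the article), the idle-timeout control mentioned above, enforced on the server side where a patient cannot disable it: a session is honoured only after the second factor has been completed, is dropped after a period of inactivity, and is dropped after a hard cap no matter how active the user is. The 15-minute idle and 8-hour absolute limits are assumed policy values, and the ManualClock exists only so the behaviour can be exercised without waiting.

```python
"""Server-side session handling for a patient portal: usable only after MFA,
expires on inactivity, and expires on an absolute cap.

Added illustration, not code from the article. IDLE_LIMIT_S and
ABSOLUTE_LIMIT_S are assumed policy values.
"""
import secrets
import time
from dataclasses import dataclass

IDLE_LIMIT_S = 15 * 60       # assumed policy: inactivity before the session is dropped
ABSOLUTE_LIMIT_S = 8 * 3600  # assumed policy: hard cap measured from login


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    mfa_verified: bool


class ManualClock:
    """Controllable time source so expiry can be demonstrated without waiting."""

    def __init__(self, start=0.0):
        self.now = start

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


class SessionStore:
    def __init__(self, clock=time.monotonic, idle=IDLE_LIMIT_S, absolute=ABSOLUTE_LIMIT_S):
        self._clock = clock
        self._idle = idle
        self._absolute = absolute
        self._sessions = {}

    def create(self, user, mfa_verified):
        """Issue an unguessable token; the session is not usable until MFA is done."""
        now = self._clock()
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, now, now, mfa_verified)
        return token

    def complete_mfa(self, token):
        s = self._sessions.get(token)
        if s is not None:
            s.mfa_verified = True

    def resolve(self, token):
        """Return the user for a live token, or None. Every request passes through
        here, so expiry is enforced by the server, not by client-side script."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if now - s.created > self._absolute or now - s.last_seen > self._idle:
            self._sessions.pop(token, None)   # remove it so it cannot be revived
            return None
        if not s.mfa_verified:
            return None                       # kept so complete_mfa() can finish it
        s.last_seen = now                     # activity refreshes the idle timer only
        return s.user

    def logout(self, token):
        self._sessions.pop(token, None)

    def live_count(self):
        return len(self._sessions)
```

The absolute limit is what stops a long-lived token from surviving indefinitely on a shared kiosk or tablet, which an idle timer alone never catches.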

Additionally, telehealth providers need to regularly maintain and update points of connection. IoT devices are notorious for being weak points in the wider digital ecosystem and may give malicious actors the entry point they need to enter confidential patient portals. Providers can reduce the risk of hacking by testing their IoT network regularly and responding rapidly to potential weak points.

Conclusion

AI will improve the accuracy of medical diagnoses and help close the rural-urban healthcare divide. However, AI-integrated telehealth services may put some user data at risk. Providers can firm up their patient portals and CIAM software by utilizing common-sense procedures like two-factor authentication and hiring a team of cybersecurity specialists to reduce the risk of an attack.

The post The intersection of telehealth, AI, and Cybersecurity appeared first on Cybersecurity Insiders.


ChatGPT, like other machine learning-based language models, is trained on huge amounts of textual data. Having processed all this data, ChatGPT can produce written responses that read as though they come from a real human being.

ChatGPT learns from the data it ingests. If this information includes your sensitive business data, then sharing it with ChatGPT could potentially be risky and lead to cybersecurity concerns.

For example, what if you feed ChatGPT pre-earnings company financial information, proprietary software code or materials used for internal presentations without considering that the provider retains that input and that, if it is used for training, it could later surface in responses to other users? If you use your smartphone to engage with ChatGPT, then a smartphone security breach could be all it takes to expose your ChatGPT query history.

In light of these implications, let’s discuss if – and how – ChatGPT stores its users’ input data, as well as potential risks you may face when sharing sensitive business data with ChatGPT.

Does ChatGPT store users’ input data?

The answer is complicated. While ChatGPT does not automatically add data from queries to models specifically to make this data available for others to query, any prompt does become visible to OpenAI, the organization behind the large language model.

Although no membership inference attacks against the large language models behind ChatGPT have been publicly reported, databases containing saved prompts, as well as the embedded learnings, could be compromised by a cybersecurity breach. OpenAI, which developed ChatGPT, is working with other companies to limit the access that language models have to personal data and sensitive information.

But the technology is still in its nascent stages: ChatGPT was only released to the public in November 2022. Within two months of its public release, ChatGPT had been used by over 100 million people, making it the fastest-growing consumer app to date. With such rapid growth, regulation has been slow to keep up, and a user base that broad means that any weakness in how prompts are stored or handled has an unusually large blast radius.

Risks of sharing business data with ChatGPT

In June 2021, researchers from Apple, Stanford University, Google, Harvard University, and others published a paper showing that GPT-2, a language model similar to the one behind ChatGPT, could accurately recall sensitive information from its training documents.

The paper found that GPT-2 could reproduce specific personal identifiers, recreate exact sequences of text, and return other sensitive information when prompted. These "training data extraction attacks" mean that any sensitive text that ends up in a model's training set, whether personal data or protected intellectual property, may later be recoverable by anyone who can query the model.

One data security company, Cyberhaven, has published reports on ChatGPT data-exposure incidents it has recently blocked. According to the reports, Cyberhaven identified and blocked attempts to paste sensitive data into ChatGPT's platform from about 67,000 employees at the security firm's client companies.

Statistics from the same platform indicate that the average company releases sensitive data to ChatGPT hundreds of times per week. These attempts present serious cybersecurity concerns, with employees trying to input client or patient information, source code, confidential documents, and regulated data.

For example, medical clinics routinely use dedicated, private patient communication software to protect patient data. According to the team at Weave, this lets clinics gain actionable data and analytics while keeping their patients' sensitive information secure. Pasting the same information into ChatGPT undoes that protection.

In one troubling example, a doctor typed their patient’s name and specific details about their medical condition into ChatGPT, prompting the LLM to compose a letter to that patient’s insurance company. In another worrying example, a business executive copied the entire 2023 strategy document of their firm into ChatGPT’s platform, causing the LLM to craft a PowerPoint presentation from the strategy document.

Data exposure

There are preventive measures you can take to protect your data in advance, and some companies have already imposed internal restrictions to prevent data leaks through ChatGPT usage.

JP Morgan, for example, recently restricted ChatGPT usage for all of its employees, citing that it was impossible to determine who was accessing the tool, for what purposes, and how often. Restricting access to ChatGPT altogether is one blanket solution, but as the software continues to develop, companies will likely need to find other strategies that incorporate the new technology.

Boosting company-wide awareness of the risks can instead make employees more careful in their interactions with ChatGPT. For example, Amazon employees have been publicly warned to be careful about what information they share with ChatGPT.

Employees have been warned not to copy and paste documents directly into ChatGPT and instructed to remove any personally identifiable information, such as names, addresses, credit card details, and specific positions at the company.

But limiting the information you and your colleagues share with ChatGPT is just the first step. The next step is to invest in secure communication software that gives you control over where and how your data is shared. For example, building in-app chat on a messaging API you control keeps conversation data within your own environment rather than a third party's. By adding chat to your app, you give users a context-rich, seamless and, most importantly, secure chat experience.

ChatGPT serves other functions for users. As well as composing natural, human-sounding language responses, it can also create code, answer questions, speed up research processes, and deliver specific information relevant to businesses.

Again, choosing a more secure and targeted software or platform to achieve the same aims is a good way for business owners to prevent cybersecurity breaches. Instead of using ChatGPT to look up current social media metrics, a brand can instead rely on an established social media monitoring tool to keep track of reach, conversion and engagement rates, and audience data.

Conclusion

ChatGPT and similar large language models give companies a quick and easy resource for productivity, writing, and other tasks. Since no training is needed to adopt the technology, any employee can use ChatGPT, which widens the exposure: every employee is a potential channel for a data leak.

Widespread education and public awareness campaigns within companies will be key to preventing damaging data leaks. In the meantime, businesses may want to adopt alternative apps and software for daily tasks such as interacting with clients and patients, drafting memos and emails, composing presentations, and responding to security incidents.

Since ChatGPT is still a new, developing platform it will take some time before the risks are effectively mitigated by developers. Taking preventive action is the best way to ensure your business is protected from potential data breaches.

The post Sharing your business’s data with ChatGPT: How risky is it? appeared first on Cybersecurity Insiders.

RSAC 2023 was a huge success. We launched our 2023 AT&T Cybersecurity Insights Report, which was met with enthusiasm by the industry and the media. In fact, Will Townsend, writing for Forbes, noted that our report joined other great research by industry peers who are striving to do more than just provide security solutions.

“RSAC 2023 could be best characterized by its emphasis on the advantages and disadvantages of AI and numerous published cybersecurity reports designed to raise awareness of threats and subsequent remediation, in addition to cybersecurity platform enhancements. These subjects are a definite departure from the past few RSAC events, which seemed to be zero-trust “me too” conventions. It is a welcome change, given that the emphasis on improving security outcomes benefits everyone.”

Townsend perfectly captures the AT&T Cybersecurity mission to help business leaders understand both the business and security landscape – and how it’s evolving as technology continues to change the way we work and live. After listening to the challenges organizations are encountering, it’s clear that research and understanding the business landscape are essential parts of a responsible cybersecurity vendor strategy.

DDoS versus ransomware – how does edge computing change the equation?

I participated in a panel discussion hosted by Channel Futures examining the challenges of securing critical infrastructure. The discussion kicked off with a Gartner prediction, “by 2025, 30% of critical infrastructure organizations will experience a security breach resulting in the halting of operations and/or mission-critical cyber-physical system.” I spoke about our research findings that indicate a change in perceived attacks: when it comes to edge computing, DDoS is perceived as a greater attack concern than ransomware.

“One of the reasons cybercriminals are gravitating to DDoS is it’s cheaper and easier than ransomware.”

I did a video interview with BankInfoSecurity.com discussing how edge computing and innovative use cases are changing the way we’re dealing with cyber resilience.

“Organizations are investing in the edge but they also know that their endpoints are changing,” said Lanowitz. “They want to make sure they are futureproofing themselves and going to be dynamic in their cyber resilience. That’s because the security edge is not linear or a straight line. It’s a circuitous, often confusing, and an often-changing environment that you will have to live with.”

Watch the webcast discussing the AT&T Cybersecurity Insights Report findings.

If you prefer to listen to the research results, we have a webcast for you. Along with my colleague, Mark Freifeld, I take you through the characteristics of edge computing, the challenges edge computing creates because it’s so different from traditional computing, and key takeaways to help you develop your edge computing security strategy.

Here are a few highlights of other coverage that provide context for our research findings.


Finally, we have an infographic that provides a graphic look at the results and recommendations. If you have questions about the study, let me know! The best way to get my attention is via LinkedIn. Catch the recorded webcast here.


The post RSAC 2023 | Cybersecurity research on edge computing generates big interest appeared first on Cybersecurity Insiders.


The spread of the remote workforce and the growth of digital transformation have multiplied the number of login-based attack vectors. While multi-factor authentication (MFA) generally protects against common methods of gaining unauthorized account access, not all MFA methods can withstand sophisticated attacks. To achieve zero-trust access, conventional MFA is being replaced by phishing-resistant MFA and the standards that define it.

To give you a complete picture, I have identified key terminology and concepts surrounding phishing-resistant authentication and put them together in this handy glossary. To fully appreciate phishing-resistant MFA, it helps to know the vocabulary.

Account takeover

Account Takeover (ATO) means successfully compromising a target account with the intent of committing fraud. The account is fully compromised when the attacker can operate as the user with all of that user’s permissions and access privileges. ATO is often initiated by credential theft, either through social engineering (phishing attacks) or by bombarding login pages with bot-driven attempts such as credential stuffing.

Phishing attacks

Phishing attacks attempt to steal personal data such as login credentials, credit card information, or even money using social engineering techniques. This type of attack is usually launched through e-mail messages, appearing to be sent from a reputable source, with the intention of persuading the user to open a malicious attachment or follow a fraudulent URL. The most targeted types of services are SaaS and webmail platforms, as well as payment services. Phishing attacks create many cascading effects, impacting businesses and individuals in many ways.

Man-in-the-Middle (MiTM) attacks

NIST defines a Man-in-the-Middle (MiTM) as “an attack in which an attacker is positioned between two communicating parties to intercept and/or alter data traveling between them.” In an authentication context, this would mean “the attacker would be positioned between claimant and verifier, between registrant and Credential Service Provider during enrollment, or between subscriber and Credential Service Provider during authenticator binding.”

Authentication

NIST defines digital authentication as the process that “establishes that a subject attempting to access a digital service is in control of one or more valid authenticators associated with that subject’s digital identity.”

For services in which return visits are applicable, successfully authenticating provides reasonable risk-based assurances that the subject accessing the service today is the same subject that accessed the service previously. Authentication establishes confidence that the claimant has possession of one or more authenticators bound to the credential. It does not determine the claimant’s authorizations or access privileges – for example, what they are allowed to do once they have successfully accessed a digital service.

2FA

Two-factor authentication, or 2FA, is an authentication method requiring the combination of two different types of factors to access protected resources. The three types of authentication factors are something you know, something you have, and something you are.

2FA improves the Single-Factor Authentication (SFA) login process. It does this by requiring not only a set of credentials based on what you know, such as a password (which is susceptible to phishing), but a second credential type based on what you possess, like your phone, token, or smart card, or what you are, including biometrics such as a fingerprint.

MFA

Multi-factor authentication, or MFA, requires two or more authentication factors before allowing access to gated systems. MFA can be achieved using a combination of the three types of authentication factors (something you know, something you have, and something you are). Because it requires multiple independent proofs at login, MFA is far stronger than a password alone; as the rest of this glossary shows, however, not every MFA method resists phishing.

Biometrics

Biometrics are physical or behavioral human characteristics used as an authentication factor (something you are). Common biometrics are fingerprint, facial recognition, and voice recognition. In FIDO2 and PKI authentication, a biometric is one way to unlock the user’s private key on the device so that it can sign the authentication response. The biometric template never leaves the device, which makes this safer than a password and enables login without one.

Phishing-resistant MFA 

Phishing-resistant MFA is multi-factor authentication protected from attempts to compromise the authentication process through phishing attacks. Several elements are required to qualify an authentication method as phishing-resistant, including a strong, trusted relationship through cryptographic registration, eliminating shared secrets, and responding only to valid requests from known and trusted parties. “Phishing-resistant MFA is nothing more than the same authentication process, but people are removed from the equation,” says the SANS Institute.

Phishing-resistant MFA methods include Fast IDentity Online (FIDO), certificate-based authentication (CBA), Personal Identity Verification (PIV), and artifacts governed by Public Key Infrastructure (PKI).

SMS OTP

Security experts consider SMS authentication vulnerable to SIM swapping, to interception on the mobile network, and to real-time relay: a code typed into a phishing page can be forwarded to the real site before it expires. When an authentication code is sent via SMS, we must be confident that the message reaches only the intended recipient and is used only on the legitimate site, and research has shown that redirecting or intercepting SMS messages is increasingly cheap and fast.

Push notification OTP

Push notification authentication validates login attempts by sending an approval prompt, or a one-time passcode, to an associated mobile device. Although not phishing-resistant, NIST and other security agencies consider push notification OTP more secure than SMS OTP. Its main weakness is MFA bombing (also called MFA fatigue), where an attacker who holds the password triggers prompts until the user approves one. The risk can be reduced with number matching. “Number matching is a setting that forces the user to enter numbers from the identity platform into their app to approve the authentication request,” explains CISA (Cybersecurity & Infrastructure Security Agency). The agency recommends number matching to mitigate MFA fatigue against push notification OTP.

FIDO2

The Fast Identity Online (FIDO) Alliance was created to offer a secure way for consumers to authenticate to online services. FIDO Authentication is a global authentication standard based on public key cryptography. With FIDO Authentication, users sign in with phishing-resistant credentials called passkeys. Passkeys can be synced across devices or bound to a platform or security key, enabling password-only logins to be replaced with secure and fast login experiences across websites and apps.

Passkeys are more secure than passwords and SMS OTPs, simpler for consumers to use, and easier for service providers to deploy and manage. The FIDO2 protocol is passwordless and uses standard public key cryptography techniques for stronger authentication.

FIDO security keys or FIDO authenticator

A FIDO security key embeds one or more private keys, each dedicated to one online account. The FIDO protocol requires a “user gesture”: the user needs to unlock the FIDO authenticator using their fingerprint, pressing a button on a second–factor device, entering a PIN or other method – before the private key can be used to sign a response to an authentication challenge.

FIDO passkeys

A FIDO passkey is a digital credential bound to a user account and to a specific application or website. At login the user sees a prompt on their device and approves it with a fingerprint, face or PIN; the device then signs the site’s challenge with a private key that never leaves it. Passkeys can be synced across devices or bound to a platform or FIDO security key and enable password-only logins to be replaced with secure and fast login experiences across websites and apps.
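The Phishing-resistant MFA, SMS OTP and FIDO2 entries above all turn on one property: the credential answers only the site it was registered for. As an added illustration (not code from this glossary, and not a FIDO Alliance or WebAuthn implementation), the following models the three parties in a FIDO2 login and runs the same phishing proxy against it and against an SMS code. An HMAC over the authenticator’s per-site secret stands in for the public-key signature a real security key produces, and the hosts bank.example and bank-login.example are made up.

```python
"""Relying party / browser / authenticator exchange showing why a FIDO2-style
assertion survives a phishing proxy while a relayed SMS OTP does not.

Added illustration. HMAC with a per-RP secret stands in for the authenticator's
asymmetric signature; bank.example and bank-login.example are invented hosts.
"""
import hashlib
import hmac
import json
import secrets


def rp_id_from_origin(origin):
    """Browser rule, simplified: the RP ID defaults to the host of the page origin.
    A page may only request its own host or a registrable parent of it, so a
    phishing page cannot ask for the bank's RP ID."""
    host = origin.split("://", 1)[1]
    return host.split("/", 1)[0].split(":", 1)[0]


class Authenticator:
    """Security key or platform authenticator: one credential per RP ID."""

    def __init__(self):
        self._creds = {}  # rp_id -> secret (stands in for the private key)

    def register(self, rp_id):
        key = secrets.token_bytes(32)
        self._creds[rp_id] = key
        return key  # stands in for the public key the RP stores

    def get_assertion(self, rp_id, client_data):
        """Sign rpIdHash || hash(clientDataJSON), as WebAuthn does. With no
        credential scoped to this RP ID there is nothing to sign."""
        key = self._creds.get(rp_id)
        if key is None:
            return None
        to_sign = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data).digest()
        return hmac.new(key, to_sign, hashlib.sha256).digest()


class RelyingParty:
    def __init__(self, rp_id, origin):
        self.rp_id = rp_id
        self.origin = origin
        self._keys = {}     # user -> registered key
        self._pending = {}  # challenge -> user, consumed on first use

    def register(self, user, key):
        self._keys[user] = key

    def new_challenge(self, user):
        challenge = secrets.token_urlsafe(32)
        self._pending[challenge] = user
        return challenge

    def verify(self, user, client_data, assertion):
        if user not in self._keys:
            return False
        cd = json.loads(client_data)
        # 1. The challenge must be one we issued for this user, and it is single use.
        if self._pending.pop(cd.get("challenge"), None) != user:
            return False
        # 2. The origin the browser recorded must be ours. A proxy can relay our
        #    challenge verbatim but cannot make the victim's browser lie here.
        if cd.get("type") != "webauthn.get" or cd.get("origin") != self.origin:
            return False
        # 3. Signature over rpIdHash || hash(clientDataJSON) with the registered key.
        to_sign = hashlib.sha256(self.rp_id.encode()).digest() + hashlib.sha256(client_data).digest()
        expected = hmac.new(self._keys[user], to_sign, hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion)


def browser_get(authenticator, page_origin, challenge):
    """What navigator.credentials.get() does: the browser, not the page, fills in
    the origin and derives the RP ID before asking the authenticator."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    ).encode()
    return client_data, authenticator.get_assertion(rp_id_from_origin(page_origin), client_data)


def fido_login(rp, authenticator, user, page_origin):
    """Full round trip. page_origin is where the victim's browser really is; a
    phishing proxy elsewhere forwards rp's real challenge unchanged and then
    forwards whatever the browser hands back."""
    challenge = rp.new_challenge(user)
    client_data, assertion = browser_get(authenticator, page_origin, challenge)
    if assertion is None:
        return False
    return rp.verify(user, client_data, assertion)


def sms_otp_login_via_proxy():
    """Same proxy against an SMS OTP: the code is a bearer secret, so whatever the
    victim types into the phishing page the proxy can replay to the real site."""
    code_sent = f"{secrets.randbelow(10**6):06d}"  # RP texts the code to the victim
    typed_on_phishing_page = code_sent              # victim reads it and types it in
    forwarded_by_proxy = typed_on_phishing_page     # proxy relays it unchanged
    return forwarded_by_proxy == code_sent          # RP accepts; it cannot tell
```

The victim never has to notice the wrong domain: the browser scopes the credential lookup to the origin it is actually on, so the proxy receives no assertion at all, and even a captured assertion is dead once its challenge has been consumed.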

PKI

Public Key Infrastructure (PKI) is the umbrella term for all assets that establish and manage public key encryption, or “a foundational infrastructure component used to securely exchange information using digital certificates,” as Gartner states. Put another way, PKI is the collection of policies, processes, and technologies that allow you to sign and encrypt data, and it underpins the basis of all trustworthy online communication.

PIV

In layman’s terms, a Personal Identity Verification (PIV) credential is a physical artifact, typically a smart card, that carries identity credentials such as biometrics and cryptographic keys. The card combines two authentication assets “so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer-readable and verifiable).”

CBA

Certificate-based authentication (CBA) allows users to authenticate with a client certificate instead of passwords. Trust is given by the party issuing the certificate – typically a Certificate Authority (CA) when maximum security is desired. Self-signed certificates are also in use but do not provide the same level of validation as a trusted CA. CBA can be used in concert with other methods to create a form of phishing-resistant MFA.

US Executive Order 14028

In 2021, to help protect the United States from increasing cyber threats, the White House issued an Executive Order (EO 14028) to improve security in the Federal Government. By 2024, Federal agencies must enforce MFA to access federal systems using phishing-resistant authentication methods such as Certificate Based Authentication (CBA), Personal Identity Verification (PIV) cards or derived PIV, and FIDO2 authentication.

ENISA guidelines for strong authentication

ENISA recommends the use of phishing-resistant authentication for its superior security. However, ENISA qualified this recommendation by advising that more secure authentication should be used “where possible.” Today, the most widely available phishing-resistant methods are FIDO2 security keys or physical PKI smart cards. Practical considerations in relation to hardware management and provisioning, as well as operational constraints, may limit organizations’ ability to deploy them for all use cases.

CISA guidance on Phishing –Resistant MFA

CISA, America’s cyber defense agency, has released two fact sheets highlighting threats against accounts and systems that use certain forms of multi-factor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats, and recommends that users and organizations read the CISA fact sheets Implementing Phishing-Resistant MFA and Implementing Number Matching in MFA Applications.

To learn more about phishing-resistant authentication:

View the webinar “Conquer Phishing Attacks with Certificate-Based and FIDO Authentication” from Thales and Microsoft.

Source:  CISA, ENISA, and NIST Glossaries

The post Phishing-resistant MFA 101: What you need to know appeared first on Cybersecurity Insiders.

This is the fifth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here. The fourth blog on API testing for compliance is here.

As a risk-based response to the continuous and varied assaults on our systems by criminals, the PCI DSS standard requires a minimum of 20 technical scans per full year for merchants, and 21 for third-party service providers (TPSPs). The table at the end of this post lists them.

New entities going through compliance for the first time can provide just the most recent quarter’s worth of each of the applicable scans (and rescans, if necessary) as long as they are “clean”, i.e., they passed all the required elements with no critical or serious findings.

Some of the standard’s requirements must be performed “periodically” which is in quotes because the standard does not define the period covered by that term. As a result, QSAs look to clients to use their risk assessments to define and justify periodicity for the various contexts in which the DSS grants discretion to the assessed entity. Each period thus derived should then be documented in the Entity’s Policy, Procedure, compliance calendar, or internal standards documentation set as appropriate.

Some of the scans prescribed by the standard must be completed quarterly, others annually, and all carry the caveat “and repeated after a significant change”; this accounts for the qualifier “minimum” next to the scan counts above.

Please refer to separate guidance on what constitutes a “significant change”.

PCI is VERY unforgiving if ASV scans do not occur within a 90-92 day cadence. Remedial or correction scans must be provided as soon as practicable to prove that the CDE was vulnerable for the shortest practical period. A client may not wait for the next month’s scan to prove remediation. However, if a vulnerability takes a long time to fix, documentation of following the process and mitigating arrangements (such as additional firewall or IDS/IPS configurations) will need to be shown instead.

Many entities miss four of the required quarterly scans since they are not explicitly defined in the Standard but are referenced in Section (not Requirement) 3.1 of the Report on Compliance, which asks about the environment and methodology used to confirm the scope of the CDE. (Requirement 3.1 is in Section 6 of the ROC).

The scan they miss is the one that answers the question “how did you prove there is no cardholder data (CHD) outside the Cardholder Data Environment (CDE)”. Since Requirement 3.1.b asks for proof of a quarterly process to ensure that all legitimate CHD is identified and removed when its retention limit expires, it follows that the scans for unexpected CHD should be subject to at least the same periodicity.

In fact, unexpected CHD can be a breach risk, and while processes should ensure unexpected CHD is impossible to create, staffers can sometimes create ad-hoc processes to overcome limitations of the sanctioned ones. The unexpected CHD could become problematic in many ways. Physical and logical access may not be limited to those with a job-specific function; encryption may not be performed; the process is undocumented and therefore unmaintained; retention may be non-compliant with policies; disposal may be insecure or non-existent.

Two likely places to find unexpected CHD are the test (QA) environment and crash dumps, whether from the operating system or from the web server application. For a large organization with many staff, we recommend scanning the systems of all personnel with direct primary account number (PAN) access, or implementing a DLP solution that monitors everything in real time.
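As an added illustration (not code from this post or from any PCI SSC publication), here is the core of a non-CDE scan for escaped CHD of the kind described above: find digit runs that look like a PAN, discard the ones that fail the Luhn check or match no issuer range, and report only a masked form so the finding itself does not become more unexpected CHD. The log lines are constructed, the issuer prefix rules are a small illustrative subset, and the numbers that trigger hits are the payment brands’ public test PANs.

```python
"""Scan text that should never hold cardholder data (QA logs, crash dumps,
support tickets) for primary account numbers that escaped the CDE.

Added illustration, not code from the article. SAMPLE_LOG is constructed,
BRANDS is an illustrative subset of the real issuer prefix tables, and the
hits are public test PANs.
"""
import re

# 13 to 19 digits, optionally separated by single spaces or dashes, not embedded
# in a longer digit run. Deliberately loose; the filters below remove the noise.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Issuer identification rules (assumption: a subset of the real prefix tables).
BRANDS = (
    ("visa", re.compile(r"^4\d{12}(?:\d{3}){0,2}$")),
    ("mastercard", re.compile(r"^(?:5[1-5]\d{2}|222[1-9]|22[3-9]\d|2[3-6]\d{2}|27[01]\d|2720)\d{12}$")),
    ("amex", re.compile(r"^3[47]\d{13}$")),
    ("discover", re.compile(r"^6(?:011|5\d{2}|4[4-9]\d)\d{12}$")),
)


def luhn_ok(digits):
    """Luhn check-digit validation; every brand above uses it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand_of(digits):
    for name, rule in BRANDS:
        if rule.match(digits):
            return name
    return None


def mask(digits):
    """First six and last four: the most PCI DSS 3.3 allows to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text):
    """Yield one dict per probable PAN: line, brand, and a masked form that is
    safe to put in a finding. The raw PAN is never copied out."""
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if len(set(digits)) == 1:       # 0000 0000 0000 0000 style filler
            continue
        if not luhn_ok(digits):         # timestamps, order IDs, customer IDs
            continue
        brand = brand_of(digits)
        if brand is None:               # Luhn-valid but no issuer range matches
            continue
        line_no = text.count("\n", 0, m.start()) + 1
        yield {"line": line_no, "brand": brand, "masked": mask(digits)}


def scan_lines(text):
    return list(find_pans(text))


# Constructed sample: a QA web server log plus a crash-dump fragment.
SAMPLE_LOG = """\
2023-05-17T14:30:00Z qa-web01 checkout[4412]: order=20230517143000123 status=ok
2023-05-17T14:30:02Z qa-web01 checkout[4412]: DEBUG raw_form pan=4111 1111 1111 1111 exp=12/25
2023-05-17T14:31:10Z qa-web01 kernel: checkout core dumped; heap fragment: 5105105105105100 cvv=***
2023-05-17T14:32:45Z qa-web01 checkout[4412]: customer_id=1234567890123456 phone=555-0100
2023-05-17T14:33:01Z qa-web01 checkout[4412]: amex_retry 378282246310005 ok
"""

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['brand']} {hit['masked']}")
```

Run against the sample, the 17-digit order number and the 16-digit customer ID drop out on the Luhn check, while the debug line, the heap fragment and the retry line each produce a finding. A production scan adds the full issuer tables and a list of known test PANs to downgrade, but the shape is the same.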

To close, every scan should be producing log information and even, possibly, alerts about security issues. Some organizations whitelist the tester to allow more in-depth testing after uncredentialed tests are complete, or if the blocking threshold is too low.

Please check the logs to ensure that you are seeing the testing and adjust thresholds or configurations appropriately. If you whitelist the tester or silence the alerts because you “know it’s coming from the testing”, remember to take them off the whitelist and re-enable the alerts after testing completes. It’s also good practice to review the logs and alerts anyway to make sure no-one piggybacked on the testing to achieve anything nefarious.

Required scans

Frequency | Description | PCI DSS v3.2.1 reference
Quarterly | Non-CDE scans for escaped CHD | ROC Section 3.1, Question #2
Quarterly | Wireless scans | 11.1
Quarterly | Internal network vulnerability scan | 11.2.1
Quarterly | External vulnerability scan (ASV) | 11.2.2
As needed | Rescans if problems were found | 11.2.3
Annually and as needed | External penetration test | 11.3.1
Annually and as needed | Internal penetration test | 11.3.2
As needed | Remediation and rescan | 11.3.3
Annually (every six months for service providers) | Segmentation test | 11.3.4 (11.3.4.1 for service providers)
Annually and as needed | Software vulnerability scan (different from 11.3) | 6.6
As needed | After significant changes | Multiple

AT&T Cybersecurity provides a broad range of consulting services to help you out in your journey to manage risk and keep your company secure. PCI-DSS consulting is only one of the areas where we can assist. Check out our services.

The post Scans required for PCI DSS compliance appeared first on Cybersecurity Insiders.

Being a mother and working in cybersecurity necessitates unique skillsets. As mothers, we understand time management, communication, and positive reinforcement. We emphasize the value of clear instructions and providing positive reinforcement. Mothers possess the capacity to remain calm and composed in any circumstance, while also possessing the skillset needed to coach, teach, or evaluate a situation. We excel at active listening which gives us an in-depth comprehension of any issue at hand.

Ultimately, mothers make invaluable assets to the cybersecurity field. We understand the necessity of prioritization and how to make the most out of any situation. We recognize that we cannot have it all at once, but together we can achieve a healthy work/life balance by delegating or outsourcing where feasible. Together, we can secure our futures – both at home and at work – by taking steps towards security today and tomorrow.

Prioritization

Prioritization is an integral element of cybersecurity. Organizations use it to prioritize tasks and resources, detect potential vulnerabilities, take immediate action to reduce the risk of attack, set achievable goals, and stay motivated towards achieving those objectives. By prioritizing their efforts, companies can guarantee their networks and data remain fully safeguarded.

Prioritization helps organizations identify which potential threats and risks are the most critical, so those can be addressed first. Prioritizing also helps organizations allocate their resources efficiently to tackle the most pressing concerns. By adopting a proactive cybersecurity approach, companies can better safeguard their data, systems, and networks from malicious actors.

Investments in Cybersecurity

When it comes to prioritizing investments in cybersecurity, we understand the critical need for organizations to have adequate resources and technology to protect networks and data. Investing in advanced technology can help organizations stay ahead of threats while providing protection from current ones. Furthermore, investing in training, awareness, and incident response programs helps organizations remain prepared and mitigate any potential risks.

Prioritizing alerts in cyber operations requires organizations to make sure they receive essential information quickly. We believe organizations must be alerted when suspicious activity is detected and be able to act swiftly. Furthermore, organizations must assess potential risks and mitigate them as quickly as possible.

Finally, we understand the criticality of prioritizing active response, risk mitigation, customers, and people – not to mention brand and reputation. Organizations should create a comprehensive active response plan tailored specifically for their requirements. Additionally, we recognize the significance of understanding and managing risk; organizations should prioritize their customers, people, zero trust, brand and reputation to guarantee maximum security.

Overall, mothers can be invaluable resources in this field of cybersecurity. We understand the critical role prioritization plays and how to maximize any situation. By prioritizing investments, alerts, active response plans, risk assessments, customers and people issues as well as zero trust policies – not to mention brand and reputation protection – we can create a cybersecurity strategy that safeguards our organizations from malicious attacks.

The post Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career appeared first on Cybersecurity Insiders.