Cybercrime is something we can no longer avoid. On a regular basis, we hear about companies we have used experiencing a data breach, or a friend or family member who has fallen victim to online fraud. We may even fall victim ourselves – losing money or experiencing stress or disruption.

There’s no shortage of statistics to demonstrate the scale of this problem – and none of them make for easy reading. Here are just a few recent ones, announced ahead of cyber security month:

  • The global average data breach cost was $4.35 million in 2023
  • Half of global organisations experienced fraud in the past two years, the highest level in 20 years of research
  • 48% of organisations reported an increase in ransomware attacks in the past 12 months
  • In the UK, over £2,300 is stolen through fraud every minute

Securing online identities

As cybercrime has risen, services have also dematerialised and become available online 24/7, so we now need to prove our identities or share attributes remotely.

Think of the various occasions when you must prove who you are. That could be providing your passport and social security number when starting with a new employer, presenting bank statements and proof of address when applying for a mortgage or loan, or even proving your vaccination status when travelling – just to name a few.

In most of these instances, having to provide these documents online is not just commonplace – it’s the norm. And unless safeguards are put in place, this could further put consumer data at risk.

Convenience causes risky behaviours

Digital means of proving identity are the way forward and provide a number of benefits, customer convenience being one of them. However, if not done in a secure way, they could put the end user’s data at risk.

We previously surveyed consumers from across Europe and found that many people are engaging in risky behaviours when it comes to sharing their identity credentials.

While many see digital IDs as a convenient means of carrying and showing something that needs to be used frequently – only 27% have an official Digital ID. A far higher proportion of consumers rely on screenshots, digital photos or a scan of their physical ID or similar official document.

Even a sizeable majority of those who have official digital IDs admitted that they have these copies or scans on their phones. With malware attacks on consumer devices on the rise, important and incredibly sensitive information is at risk – leaving consumers open to fraud and identity theft.

The move towards EU ID Wallets

We’ve discussed the move towards EU ID wallets and the countdown to eIDAS2 before, highlighting how it’ll impact the everyday lives of citizens, as well as highlighting what consumers want from a wallet.

Progress is being made and, in 2021, the EU announced that an EU Digital Identity Wallet will be made available to all 450 million citizens of the EU free of charge. After pilot phases in 2024, each member state will notify its digital ID Wallet to the EU Commission in 2026 as deployments commence. The wallet will provide users with full control over their personal data and 80% of EU citizens are expected to be equipped by 2030.

One of the biggest drivers behind this scheme is to ensure that every person eligible for a national ID card has a digital identity that is recognised anywhere in the EU. It will provide a simple and safe way to control how much information you want to share with services that require sharing of information.

The shift to sovereign cloud

To accompany digital ID wallet initiatives and the unrelenting shift towards the digitalisation of credentials and personal data, many governments around the world are seriously looking at sovereign cloud.

A sovereign cloud ensures digital and data sovereignty. It is a means to maintain physical and digital control over strategic assets, including data, algorithms, and critical software. It helps ensure that data remains free from external jurisdiction control and provides the right protection from foreign legislatively enforced access.

At Thales, we believe digital ID wallet ecosystems are the future of digital identity. They will enable smooth and trusted proof of ID and entitlement anywhere, anytime while enabling data privacy to move to the next level by offering the most convenient user experience and compliance with the most stringent security and cyber privacy requirements.

The post Cybersecurity month: Why we need to talk about online identities appeared first on Cybersecurity Insiders.

While quantum computing is still very much in its early stages, it’s important that companies are already thinking about this evolving technology – and more importantly implementing and stress testing much needed solutions suitable for a post-quantum world.

In this blog series we have already discussed the evolving threat that is quantum computing, the need for Post Quantum Cryptography, and how security standards are evolving. In this final instalment we’ll be looking at the examples of PQC already in development.

Thales is actively engaged in research and development (R&D) efforts in the field of post-quantum cryptography. Recognising the potential impact of quantum computing on current cryptographic systems, our team is dedicated to developing and advancing secure solutions that can withstand the power of quantum computers.

One of our key objectives is to identify and evaluate the most suitable post-quantum algorithms for different applications and scenarios. This involves thorough analysis and testing to determine the algorithms’ effectiveness against quantum attacks while considering their performance characteristics and compatibility with existing cryptographic infrastructure.

We’re actively collaborating with academic institutions, research organizations, and industry partners to foster innovation and exchange knowledge in the field of post-quantum cryptography.

Some examples of projects, research and initiatives that we are currently involved in include:

Piloting the first successful Post-Quantum phone call

Post-quantum threats hold significant implications for situations involving highly sensitive information, such as the exchange of classified data during encrypted phone calls. To address these concerns, Thales helped develop a proof of concept to evaluate the scalability and effectiveness of its quantum-protected mobile solutions.

In this pilot, our team successfully trialled end-to-end encrypted phone calls, tested to be resilient in the post-quantum era.

The pilot was performed with the Thales ‘Cryptosmart’ secure mobile app and 5G SIM cards installed in today’s commercial smartphones, testing a mobile-to-mobile call, voice/data encryption, and user authentication.

Any data exchanged during the call is set to be resistant to Post Quantum attacks thanks to a hybrid cryptography approach, combining pre-quantum and post-quantum defence mechanisms.

PQC Signature Tokens

Thales has been working on the PQC Signature Token, a revolutionary smart card that incorporates a quantum-resistant digital signature algorithm. This feature can provide organizations with a powerful tool to ensure the integrity and authentication of their data files.

The smart card can securely store the private keys necessary for generating digital signatures. When a user wants to sign a data file, the token utilizes the private key to internally process and create a signature based on the file’s digest. This ensures that the signature is unique to the file and cannot be tampered with or replicated.

To enable verification of the signature, the PQC Signature Token also includes associated public keys. These public keys are certified by a trusted certification authority, allowing recipients of the signed files to check the signature’s validity. By verifying the authenticity and integrity of the file through the certified public keys, organizations can have confidence in the legitimacy of the data.

The certificates associated with the public keys can either be stored within the token itself or accessed from a server in the cloud. This flexibility provides convenience and scalability for organizations, allowing them to manage and distribute the necessary certificates according to their specific requirements.
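The signing flow described above, as an added example that is not Thales code: a model token keeps its private key internal and signs a file's SHA-256 digest with a Lamport one-time signature, a simple hash-based scheme used here as a stand-in because the page does not name the token's algorithm. The `SignatureToken` class and `verify` function are hypothetical, and the public key is assumed to reach the verifier in a CA-issued certificate, which the example does not model.

```python
import hashlib
import secrets

HASH_BITS = 256  # one pair of secrets per bit of the SHA-256 file digest


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(data: bytes) -> list:
    """Bits of SHA-256(data), most significant bit first."""
    digest = _h(data)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(HASH_BITS)]


class SignatureToken:
    """Hypothetical model of a signing token: the private key stays inside."""

    def __init__(self) -> None:
        # Private key: two random 32-byte secrets for every digest bit.
        self._private = [(secrets.token_bytes(32), secrets.token_bytes(32))
                         for _ in range(HASH_BITS)]
        # Public key: the hash of each secret; this is what gets certified.
        self.public_key = [(_h(a), _h(b)) for a, b in self._private]
        self._used = False

    def sign(self, file_bytes: bytes) -> list:
        # A Lamport key signs exactly once: every signature reveals half of
        # the secrets, so a second signature would let others forge.
        if self._used:
            raise RuntimeError("one-time key already used")
        self._used = True
        bits = _digest_bits(file_bytes)
        # For bit i, reveal the secret that matches the bit's value.
        signature = [self._private[i][bit] for i, bit in enumerate(bits)]
        self._private = []  # discard all secrets after the single use
        return signature


def verify(public_key: list, file_bytes: bytes, signature: list) -> bool:
    """Check a signature using only the public key and the file."""
    if len(signature) != HASH_BITS or len(public_key) != HASH_BITS:
        return False
    bits = _digest_bits(file_bytes)
    ok = True
    for i, bit in enumerate(bits):
        # Each revealed secret must hash to the published value for that bit.
        ok &= secrets.compare_digest(_h(signature[i]), public_key[i][bit])
    return ok


def demo() -> dict:
    token = SignatureToken()
    report = b"constructed sample file: meter reading 42 kWh"
    signature = token.sign(report)
    results = {
        "valid": verify(token.public_key, report, signature),
        "tampered": verify(token.public_key, report + b"!", signature),
    }
    try:
        token.sign(b"second file")
        results["reuse_blocked"] = False
    except RuntimeError:
        results["reuse_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Standardised hash-based schemes such as SPHINCS+ build many-time signatures out of one-time components like this one, which is why the single-use check matters in the model.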

The TDIS PQC Signature Token represents a significant advancement in data security, particularly in the face of quantum computing threats. With its integration of a quantum-resistant algorithm and secure key management, this smart card empowers organizations to protect their data files, maintain data integrity, and establish trust in digital transactions.

We are already involved in two internationally funded projects with the TDIS signature token:

Securing Medical Data with Moore4Medical

Moore4Medical creates connected health products, including connected mattresses, designed to use real-time data and IoT to monitor patient health data and ultimately improve patient outcomes.

However, health data is sensitive and can cause harm if it ends up in the wrong hands, creating security and privacy issues. There is a need for a technical solution that is secure by default, ensuring true end-to-end security of patient data.

We’re collaborating on this EU-funded project to create a quantum-resistant e-Passport for sensitive medical sensor data, which will provide enhanced identity and authentication of patients, achieving the necessary performance and functionality levels while guaranteeing security and long-term privacy protection for this sensitive data.

Securing the Future of Electric Power and Energy Storage with ELECTRON

ELECTRON aims at delivering a new generation EPES platform, capable of empowering the resilience of energy systems against cyber, privacy, and data attacks.

EPES platforms refer to a combination of technologies and infrastructure used for generating, distributing, and storing electrical power. EPES systems are designed to enhance the efficiency, reliability, and sustainability of power delivery and energy management.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme and has the following four task forces:

  1. Shielding the EU borders: Addressing and Mitigating Cyberattacks and Data Leaking in Ukraine
  2. Looking ahead: Providing a Resilient Electric Vehicle Ecosystem
  3. Protecting the Renewables Energy Chain from Cyberattacks and Data Leaking
  4. Proactive Islanding Meets Efficient Threat Detection: Addressing & Mitigating Cyberattacks in the Romanian Energy Chain.

We’re working on the second task, helping to improve privacy and security by adding digital signatures and an auditing mechanism that ensure information comes from trusted sources and protect against attacks.

To achieve this, we use a system called TDIS Quantum Cryptography OS to help make the system resistant to attacks from quantum computers. Our team will select the best algorithms for creating signatures on smart tokens. We’ll then show how these algorithms work on smart tokens and EPES systems. We’ll also keep improving the system’s performance and make it compatible with existing methods.

This is just a summary of some of the projects we’re working on in this field. The arrival of quantum computing poses an unprecedented challenge for the global cybersecurity community. Building defences against future threats may seem daunting, but it is an urgent task we must tackle head-on. While the post-quantum era is still a few years away, the increasing prevalence of quantum computing demands immediate action. By actively engaging in pilot programs and trials, Thales and its customers are proactively practicing crypto agility, preparing ourselves for the imminent arrival of this game-changing technology.

The post Getting your organisation post-quantum ready appeared first on Cybersecurity Insiders.

In our previous blog we discussed the emerging technology that is quantum computing, the benefits it brings, but also the risks it can pose to digital identities.

In this next blog we’ll be taking a closer look at Post Quantum Cryptography, and the measures being taken by the industry to secure digital identities in the post quantum era.

Why is this so important? 

Quantum computing poses several risks to digital identities due to its ability to break certain cryptographic algorithms that currently underpin secure communication and digital identity systems. Some of the risks include:

  • Compromising Digital Certificates: Quantum computers could break commonly used encryption and signature methods like RSA and Elliptic Curve Cryptography. These methods are important for secure communications and digital seals. Digital certificates help verify the identity and integrity of digital identities in applications like secure web browsing. Quantum computers can undermine the security of these certificates and allow attackers to create fake ones, pretend to be legitimate entities, and carry out malicious activities.
  • Decrypting Past Interceptions: Quantum computers can potentially decrypt encrypted data that was intercepted in the past. If an attacker stores encrypted communication until a quantum computer is available, they could use quantum algorithms to decrypt the information. This puts previously intercepted data at risk of being exposed.
  • Identity Theft and Fraud: Quantum computing can enable attackers to break the encryption protecting personal information like passwords and credit card numbers. This could lead to identity theft, fraud, and unauthorized access to personal accounts or systems.

Several industry standards are currently being developed and evaluated for post-quantum cryptography. Although the field is still evolving, these are some of the major organizations and initiatives that are actively contributing to the development of industry standards for post-quantum cryptography. Their efforts aim to provide new guidelines, new algorithms, and updated protocols that will ensure the security of digital systems and communications in the presence of powerful quantum computers.

NIST Post-Quantum Cryptography Standardization: The US National Institute of Standards and Technology (NIST) is leading the standardization process for post-quantum cryptography. NIST initiated a project in 2016 to evaluate and select quantum-resistant cryptographic algorithms. Multiple rounds of evaluations and public feedback have been conducted. NIST has selected four algorithms it will standardize as a result of the Post-Quantum Cryptography (PQC) Standardization Process: CRYSTALS–KYBER, along with three digital signature schemes: CRYSTALS–Dilithium, FALCON, and SPHINCS+.

Internet Engineering Task Force (IETF): The IETF is actively working on standards related to post-quantum cryptography. The Quantum-Safe Cryptography Working Group within the IETF focuses on developing specifications for quantum-resistant cryptographic algorithms and protocols, as well as providing guidance on transitioning to post-quantum cryptography.

European Telecommunications Standards Institute (ETSI): ETSI is also involved in the standardization efforts for post-quantum cryptography. Their Quantum-Safe Cryptography Technical Committee is working on developing standards and guidelines to ensure the security of cryptographic systems against quantum attacks.

International Organization for Standardization (ISO): ISO has established a working group, ISO/IEC JTC 1/SC 27/WG 2, dedicated to the standardization of quantum-resistant cryptographic algorithms. The working group is responsible for developing and maintaining international standards in the field of information security, including post-quantum cryptography.

In part three, we’ll be taking a closer look at the industry examples of post quantum cryptography already in action.

The post Preparing Digital Identity for the Post-Quantum Era appeared first on Cybersecurity Insiders.

Digital identities have had a significant impact on the way we interact, transact, and explore the world around us. However, there is still a limited understanding of what they are and the benefits they have.

In our latest piece for Computer Fraud & Security Magazine, we addressed some of the common misunderstandings around digital IDs, and outlined the potential for enhanced security, efficiency, and simplicity across the digital landscape. Here’s a flavour of some of the key takeaways…

  • Anyone can use them – not just digital natives: Contrary to popular belief that digital identities are exclusively for the tech-savvy, they boast an incredibly user-friendly interface. From a smartphone’s digital wallet, credentials and identity data can be easily pre-loaded, activated via biometric authentication (e.g., facial recognition or fingerprint scanning), and presented as a QR code for swift verification.
  • They’re highly secure and private: With robust biometric authentication and encryption layers, digital wallets provide multi-layered security, guarding your data from unauthorised access. Likewise, with passwords being an outdated form of authentication for online systems, biometrics provide a more resilient means of proving that you are who you say you are.
  • They’re a frictionless and efficient way to prove who you are: The current identity verification landscape is highly fragmented, with various platforms, services and systems complicating user experience. Digital identities offer a seamless solution by centralising authentication, sparing people the hassle of retrieving many different forms of identification from both digital and physical sources.
  • You only need to share the bare minimum of information: While your digital ID may securely host a wealth of information about you, it takes a more granular and controlled approach to data sharing. It will only reveal essential details necessary for specific transactions, and always based on the consent of the user, safeguarding your privacy.
  • They have the potential to be used anywhere: Industries spanning finance, retail, travel, voting, real estate, law enforcement, and online services are embracing the concept of digital IDs. They all hold different forms of identity, from driving licences to boarding passes, qualifications, loyalty cards, and employment status. These all are very different use cases, but all would operate under the same principles.

By building a better understanding of digital IDs, we can accelerate their rollout and maximise their potential to enhance everyday processes.

Learn more here: https://www.thalesgroup.com/en/markets/digital-identity-and-security/digital-id

The post Digital identity: Dispelling the myths appeared first on Cybersecurity Insiders.

The potential of the Internet of Things (IoT) is huge, with connected devices around the world holding the promise of a better, greener and safer future.

This makes events like IoT Tech Expo Europe even more important. On the 26th and 27th of September 2023, enterprise leaders from around the world will come together to explore the latest innovations, implementations and strategies – helping them to realise the benefits of IoT and drive their business forward.

So, as 5,000 attendees gather in Amsterdam, what themes should they be looking out for? GSMA’s Global Trends Report provides some insight into the latest developments in IoT that we’ll be watching closely at this year’s event…

1) IoT deployments driving the digital transformation agenda: IoT deployments are part of a wider digital transformation agenda for nearly two thirds (63%) of enterprises, according to the GSMA, with revenue generation and cost savings emerging as equally important priorities. This means that in 2023 we can expect to see an incredible two billion new IoT connections globally, with 1.4 billion of those coming from enterprise use cases. Indeed, in 2024 enterprise will surpass consumer in terms of connections.

2) The evolution of 5G: The vision of a connected world will only become a reality following a successful rollout of 5G-Advanced. IoT devices are putting pressure on current networks, impacting speed and reliability, and driving operators to evolve their strategies. The GSMA’s research found that low-cost IoT is one of the top priorities for 5G-Advanced, with nearly a quarter (24%) of operators saying this was the most important feature to support their network transformation priorities. This reflects a continued push towards B2B services.

3) Growth in the cellular IoT space: While cellular networks currently serve 15% of total IoT connections, the explosion of the IoT market provides significant room for growth in the cellular IoT space. In fact, according to the GSMA’s research, the number of licensed cellular IoT connections will reach 5.3 billion globally by 2030, up from 2.6 billion in 2022. Within the cellular IoT space, cellular M2M will continue to support IoT devices that require mobility (with 5G enabling lower latencies and higher data transfer speeds for URLLC), while licensed LPWA will support devices previously served by legacy cellular networks (2G/3G).

4) eSIM technology looking to scale: eSIM technology has long been recognised as a significant enabler of IoT deployments across various industries. The potential for growth is significant, with the GSMA research revealing that 83% of enterprises consider eSIM an important technology to achieve success in their IoT deployments, with best-in-class security and scalability the top eSIM benefits. This presents an opportunity for operators and other providers of eSIM and IoT solutions to meet demand from enterprises. In 2023, the focus will be on advancing eSIM adoption beyond automotive, while demonstrating how eSIM supports the green imperative.

5) Synergies between IoT and private wireless networks: Enterprises that want private wireless networks also want IoT. Remarkably, around 70% of operators claim that enterprise customers who buy private wireless (4G/5G) also request IoT services occasionally or very frequently, indicating an important synergy between the two services. It is therefore likely that growth in private wireless networks will drive renewed interest and further growth in enterprise IoT.

With innovation in this field accelerating at pace, this year’s event is a good opportunity for enterprise leaders to stay up to date with the latest trends and identify new growth opportunities. The sharing of knowledge and information will ultimately help to pave the way for more robust digital transformation strategies.

Find us at IoT Tech Expo 2023 at stand 120: https://www.iottechexpo.com/europe/partners/thales-dis-france-sas/

The post Trends to watch at this year’s IoT Tech Conference appeared first on Cybersecurity Insiders.

Digital identification has rapidly become an integral part of our day-to-day lives, simplifying processes for both individuals and businesses.

What was once considered technology exclusive to “tech-savvy digital natives” has now become more mainstream, with large parts of the population embracing digital IDs. This shift has been significantly accelerated by the Covid-19 pandemic and associated lockdowns, which acted as a catalyst for the adoption of digital identity solutions.

Nowadays, using a smartphone to board a plane, store bank cards, or prove vaccination status has become second nature to many of us. The concept of digital identification is fast becoming well-established and has seamlessly integrated into various aspects of our lives, streamlining daily routines and interactions.

Concerns over insecure DIY approaches

Despite the adoption of digital IDs around the world, a Thales survey revealed a troubling trend. Nearly half (45%) of Europeans are currently relying on insecure, unofficial, “DIY” (do-it-yourself) scans and photos of their cards and documents to prove their identity and entitlements.

Storing scans of your official ID documents (such as a passport or a driver’s license) on your devices creates significant privacy and security risks. For example, if your device is lost, stolen, or hacked, then these DIY scans containing all your personal information are vulnerable.

These unofficial ‘DIY’ versions of ID are also susceptible to a specific type of cyberattack: the infostealer, malware designed to steal sensitive information from infected devices.

One of the biggest risks here is around compromised log-in credentials. Infostealers can steal log-in credentials, usernames, and passwords to access email accounts, which is where scans of a user’s ID documents are frequently found. ID scans stored in photo libraries on mobile phones can also be exploited.

Further to this, the sensitive and personal information contained in these unofficial IDs could be used by bad actors to commit identity theft and financial fraud.

The security versus convenience paradox

Results from Thales’ study revealed some conflicting attitudes towards security among digital ID users. Even though security is of paramount importance, a significant proportion are still taking unnecessary risks by storing scans of official documents on their devices.

This contradiction highlights the need for a comprehensive and universally accepted Digital ID solution that ensures both convenience and security.

The three pillars of trusted digital identity

At Thales, we believe that trusted digital identity relies on three key pillars: convenience, security and privacy.

As digital ID becomes increasingly integral to our lives, it is crucial to address the security concerns and replace insecure DIY practices. The growing threat of “infostealers” – alongside the contradictory priorities towards security – reinforces the urgency of a robust and reliable Digital ID infrastructure.

By embracing secure digital identity solutions, we can safeguard sensitive information, protect individuals and businesses from cyber threats, and foster a safer and more digitally integrated society.

The post Unofficial digital IDs – what are the risks? appeared first on Cybersecurity Insiders.

How biometrics can help to make our world a safer place

We’ve recently been exploring biometric technologies on this blog and how they have become a part of our everyday lives, helping us to move, travel and pay more seamlessly. Indeed, fingerprints, retinal scans, voice identification and facial recognition have all become invaluable tools to help us access essential services and experience the world around us.

But it’s important to remember that the benefits of these technologies extend far beyond convenience; they also play a crucial role in ensuring our safety and protection. Here are three ways biometric technologies can help to ensure public safety…

  • Criminal forensics and the identification of suspects: Biometric technologies can speed up the identification of criminals. Indeed, fingerprint identification systems have been relied upon by law enforcement agencies for over a century. In the United Kingdom, for example, the Metropolitan Police has been using biometrics for identification since 1901.

Over the years, criminal investigations have grown to include other biometric technologies including DNA, palmprint, face, and iris – further helping to expedite the identification process. And now, multi-biometric identification solutions allow crime scene investigators and forensics experts to analyse physical evidence from the field. They are available wherever frontline staff are, right in the palm of their hands, to simplify and accelerate the process.

Ultimately, faster and more accurate identification of repeat offenders will help to take criminals off the streets, contributing to a safer society.

  • Efficient border security: Biometric-enabled self-service kiosks and eGates have revolutionised border control. They allow border agencies to adequately face the challenge of processing an increasing number of travellers – without compromising security.

The inclusion of biometric data provides a faster and more accurate means of making sure all persons entering or leaving the territory are who they say they are. This helps to counter illegal immigration and terrorism, thereby reinforcing the country’s borders and keeping citizens safe.

  • Preventing identity theft: Biometric technologies also offer enhanced protection against impersonation and identity theft. By integrating biometric data such as fingerprints into ID documents, or by using electronic identification (eID) that embeds a digital version of the user’s photograph, issuers can make it significantly more challenging for fraudsters to compromise or forge official forms of identification. This leads to fewer fraudulent documents – which would have been used for profit or criminal activities – and the securing of citizens’ identities.

Looking ahead, law enforcement agencies will need to adopt biometrics more widely to support efficient operations. However, this is an area where responsibility must always come before innovation. With biometrics relying on the access and use of citizens’ most personal information, these deployments must be handled with the utmost sensitivity and strong ethical principles.

Thales brings decades of experience in secure identity management, biometrics, and cybersecurity. Our global leadership in data protection helps us to make sure citizens can experience the world safely and securely.

Read more about our approach to biometrics and how we build trust with both consumers and service providers here: https://www.thalesgroup.com/en/worldwide/group/magazine/thales-true-technology-responsible-biometrics

The post Biometrics in law enforcement appeared first on Cybersecurity Insiders.

It’s been over four years since 5G was introduced and the technology has now been rolled out across all the world’s major economies. So, we’re starting to think about what’s coming next…

Expansion into emerging markets

With 5G already embedded across North America, Europe and leading economies in Asia, it is a maturing technology. The pace of 5G adoption globally is increasing, and its deployments across India and Nigeria are indicative of its growing role in global communications.

The next phase of 5G will see its continued expansion into emerging markets with planned networks expected in Turkey and southern Africa over the next few years. In fact, according to GSMA Intelligence data, over half of mobile connections are expected to be via 5G by 2030.

With mmWave (MMW) providing a considerably higher capacity, there is an ongoing debate over whether 5G represents a long-term alternative to traditional fibre broadband. However, in markets where the physical infrastructure for fibre does not exist, it is easy to see that 5G is ideally suited.

Adapting to evolving digital behaviours

Shifting patterns in business and consumer behaviour will continue to shape how 5G is deployed. Indeed, digital transformation in industry and beyond will see the volume of data traffic continue to boom, resulting in heightened demand for 5G as existing networks struggle to cope.

This digital transformation is also leading to the development of more 5G-capable technology. The growing number of use cases will continue to drive demand for 5G services as the limited capacity of previous generations of mobile connectivity falls short.

The development of 5G-Advanced

At the heart of the next phase of 5G is the development and introduction of 5G-Advanced. An important next step on the path to 6G, 5G-Advanced will deliver improved support for extended reality (XR) technology, enabling more seamless VR, AR and cloud gaming programmes. It will also make use of the latest developments in AI to improve network energy efficiency, load balancing and mobility management.

5G-Advanced will also support multicast services – a key priority for network operators. This allows for the transmission of the same data across a network of devices, which is essential in mission-critical group communications such as for the emergency services.

5G-Advanced Internet of Things (IoT) solutions such as connected vehicles, smart meters and remote monitoring tools will account for a significant share of 5G connections – and these will be increasingly available at a much lower cost. This will further fuel the adoption of 5G-Advanced as it becomes more accessible to businesses with varying degrees of capital.

Beyond this, Satellite 5G (Non-Terrestrial Networks) will benefit us all by bridging the digital divide and providing ubiquitous connectivity.

A promising outlook

The rollout of 5G has already resulted in a dramatic shift in how we use mobile technology – and it is meeting several other priorities for network operations including positioning accuracy and enhanced integration with drone and satellite technology.

Ultimately, by embracing 5G innovation, we will achieve significant benefits – notably the digital transformation of enterprises which will lead to higher productivity and economic growth. Additional advantages include better digital access, reduced travel time, more engaging consumer services and new opportunities to create a more sustainable world. SIMs and eSIMs are crucial here to enable the full 5G promise to both enterprises and users.

There are huge societal benefits of 5G and the industry needs to keep pushing the boundaries of what’s possible. Find out more about the evolution of 5G in the latest report by GSMA Intelligence: https://www.thalesgroup.com/sites/default/files/database/document/2023-02/tel-global-mobile-trends-2023.pdf

The post Introducing the next phase of 5G appeared first on Cybersecurity Insiders.

Phishing is the most frequently deployed method used by criminals to initiate a cyber attack, according to research from IBM. Phishing is designed to trick users into clicking on links or downloading attachments that either install malware or give unauthorized users access to company systems.  

With the growth in AI tools recently, phishing attempts are becoming even more sophisticated and harder to spot. The outcomes of a successful attack can have wide reaching and devastating consequences. Not testing the awareness of phishing among employees, however, is worse.  

Protect your digital assets with simulated phishing attacks 

The best approach to enhance vigilance among employees and safeguard your digital assets is by conducting controlled phishing campaigns, which train employees to recognize and mitigate potential risks. But even after sending out mock phishing e-mails, the outcome can be hard to predict. Will a lot of users click on the link and submit their credentials on our ‘malicious’ website?  

Top tips to improve your phishing campaign 

Lots of employees falling for a phishing campaign may seem like the antithesis of the exercise. But, for those employees who think they are savvy to all the risks, it will be a stark warning for just how sophisticated phishing has become, and how easy it is to fall victim.  

Want to know how to make your phishing campaign more successful? Then continue reading to find our three most valuable tips to improve your phishing campaign, your company’s security awareness, and your cyber security.

Pressure users to perform an action 

Step one: craft a phishing email scenario that taps into your employees’ interests. When December arrives, what better way to grab their attention than by discussing Christmas gifts? Who wouldn’t be excited about that? By playing on their curiosity and excitement, you increase the likelihood that your employees might overlook certain details in the email, making them more susceptible to falling for a phishing attempt. 

Keep it short and concise 

Second, make sure that the phishing e-mail is short and to the point. Just a quick message with an added link to the page where the employee can submit their Christmas gift preference, for instance. Tone will also be essential here; if it’s for a gift, keep it light and informal. If it relates to a task that needs completing urgently, make sure the message is formal and leans on the importance of the task to the business. This approach increases the chance that users will read the whole e-mail without questioning its legitimacy, and will eventually click on the malicious link and submit their credentials.

Make it urgent and add a deadline 

The third and final tip is to create a form of ‘time pressure’ for the user, related to Cialdini’s scarcity principles. Sticking with the Christmas scenario, you can write down that employees have to respond before a certain day in order to receive their gift, so they feel pressured to submit their choice quickly. That psychological time pressure decreases the chance that the user will deeply inspect the phishing e-mail and recognize it as a malicious message. This results in a higher chance of employees submitting their credentials.

Now that we’ve covered all three tips, it’s time to put them into action in your next phishing campaign and set yourself up for great success. Remember to follow up with additional training as necessary to reinforce these learnings. Stay tuned for more insightful blogs where we’ll delve deeper into the fascinating world of phishing. 

 


The post How to make your phishing campaign a success appeared first on Cybersecurity Insiders.

Whether you work in the tech field or not, it’s likely that you’ve increasingly heard of quantum computing.  

As with any emerging technology, along with all the possibilities there are also potential risks. We’ll be unpacking these latest developments, what they mean for the digital identity market, and what Thales is doing in response.

 In this blog we’ll be giving an introduction to quantum computing, and what this means for security and cryptography.  

What is quantum computing?  

Quantum computing is a type of computing that uses quantum mechanics to perform calculations much more quickly than traditional computers.

By using quantum algorithms, these computers can solve certain types of problems, such as those involving prime factorization or optimization, faster than classical computers. Think of it like a maze. A classical computer solves the maze by exploring each path one at a time until it finds the right one. A quantum computer can explore all possible paths at once, which means it can solve the maze much faster.

 As a relatively new and rapidly developing field of technology, there are still challenges to overcome before it has practical applications. However, quantum computing possesses the potential to revolutionize the way our digital infrastructures are secured. 

What security risks does quantum computing carry?  

As with any new technology, as well as rewards there are also risks. Because quantum computers can solve certain problems that classical computers can’t, they could potentially break many of the cryptographic systems we use today.

 Quantum computing poses a potential risk to digital identities due to its ability to break traditional encryption methods that are commonly used to protect sensitive data, including personal and financial information. 

The majority of encryption methods rely on the difficulty of factoring large numbers into their prime factors. However, quantum computers can perform certain calculations much faster than classical computers, including factoring large numbers using Shor’s algorithm. This means that quantum computers could potentially break widely-used encryption algorithms like RSA and Elliptic Curve Cryptography (ECC), rendering digital identities vulnerable to theft, fraud and exploitation. 

Additionally, quantum computers could also make it easier to find collisions in the hash functions that are used to create and authenticate digital signatures, allowing attackers to impersonate legitimate digital identities.

 The rapid development of quantum computing represents a challenge to the security of digital identities, and new methods of encryption and authentication may need to be developed to keep pace.  

What is post quantum cryptography, and how can it help?  

Post-quantum cryptography (also known as quantum-resistant cryptography) is a type of cryptography that aims to develop new cryptographic algorithms that are resistant to attacks by quantum computers.  

These algorithms are designed to be secure against attacks from both classical and quantum computers. They typically rely on different mathematical problems that are believed to be hard to solve, even for quantum computers. For example, some post-quantum cryptographic algorithms are based on lattice-based cryptography, code-based cryptography, or multivariate cryptography.

As quantum computing technology continues to evolve, post-quantum cryptography is becoming increasingly important in securing sensitive data and communications. Governments, financial institutions, and other organizations are actively exploring and investing in post-quantum cryptographic solutions to ensure that their sensitive data and communications remain secure in the face of quantum computing attacks. 


The post What is post-quantum cryptography and why is it important? appeared first on Cybersecurity Insiders.