How to advance agility in your workplace – IT-Online

Recent events have forced CISOs across all industries to rethink and refine their business continuity plans, write Alain Sanchez and Joe Robertson, chief information security officers at Fortinet.

Not only did the pandemic force organizations to transform their networks to accommodate moving their traditional workforce to work from home (WFH) status, it also forced cybercriminals to adjust their tactics.

In the months since the pandemic began, security researchers have documented a dramatic switch in both focus and tactics on the part of cybercriminals. IPS sensors, for example, reported a dramatic drop in malicious activity aimed at traditional network devices. At the same time, there has been a corresponding spike in attacks on remote workers through their email systems, work devices, and home networks.

No plan survives first contact with the enemy

All of this happened at the same time that IT teams were scrambling to ensure that remote workers had access to critical resources. Exponentially expanding support for VPN connections was only part of the overnight battle. In the ensuing activity, some basic security controls such as ensuring that end-user devices were secured, connections were encrypted, and encrypted traffic was inspected fell by the wayside for some.

Even highly prepared organisations found that essential security functions were either not in place, could not scale adequately, or did not perform as expected.

As a former heavyweight boxing champion once famously said, "Everyone has a plan until they get punched in the mouth." This sentiment succinctly describes the past several months, and there is an important lesson there for CISOs for the next phase of designing business continuity plans: the need to insert agility into the traditional security trinity of confidentiality, integrity, and availability.

In addition to building systems and strategies designed to keep things private, detect and prevent changes to systems, and ensure networks and devices perform at the required level of service, those systems also need to be able to quickly and automatically adapt to change.

Cybercriminals understand the need for agility

The cybercriminal community has already embraced agility as critical to their operations, moving as fast as the news does. Plus, as the technology used to track them has improved over time, it has forced cyber attackers to adapt and switch tactics faster than before. The most effective cybercriminals run exceptionally agile operations.

Literally within hours of the global pandemic's first impact, the Dark Web was filled with bogus offers for medical equipment and medicines, and new attacks, such as ransomware-as-a-service offerings, that could be easily coupled with phishing campaigns. There was also a spike in the prevalence of older exploits targeting consumer-grade networking gear, gaming devices, and entertainment systems connected to remote workers' home networks.

This tactic was successful. 60% of organizations revealed an increase in cybersecurity breach attempts following their transition to telework, and 34% reported actual network breaches. Attackers also rely on agility to quickly exploit new unpatched vulnerabilities, live off the land after a successful breach, and evade detection.

Three areas to augment with agility

In response, defenders need to elevate agility beyond a design principle and make it a true end goal, whereby agility is woven into every corner of their security fabric. Following are three areas where agility needs to be aggressively developed and integrated into the broader security strategy.

* Network access agility: BYOD, mobility, and IoT have changed the game in terms of network access and, as trends, will defeat any CISO who doesn't have agile network access controls, device visibility, and management solutions in place. Long before the pandemic, an astounding 60% of employees used their personal devices for work purposes. That number has not only risen dramatically since the recent transition to a remote workforce, but those devices are also accessing more critical data and resources than ever before. Even more alarming, but not surprising, is that more than 80% of employees admitted to using unsanctioned web apps for work. Microsoft's prediction that 25% of all attacks will target IoT devices this year is now looking to have been a low estimate, given the spike in detected botnets, especially the recent growth in the use of older botnet malware, including Mirai and Gh0st. Mirai, first seen in 2016, had moved back into first place among global botnet use by early May, suggesting cybercriminals sought to gain a foothold in enterprise networks by exploiting unpatched devices in home networks. Coming in second was Gh0st, a malware-botnet family originally from 2014 that also targeted WFH users and applications. Gh0st is a remote access botnet that allows an attacker to take full control of an infected system, log keystrokes, hijack live webcam and microphone feeds, download and upload files, and engage in other nefarious activities. A flexible cybersecurity architecture helps organizations not only deploy appropriate controls but automatically keep them updated as new device types are introduced continuously, regardless of whether or not they've been seen before. And new technologies like SASE enable users to connect from their new home office in the kitchen, basement, or spare room using any device, through any means, to anywhere, securely.

* Multi-cloud agility: The cloud's original appeal was that it would be a cheaper place to host data and network infrastructure. But its foremost attribute has turned out to be flexibility. An effective multi-cloud strategy enables the fast establishment of and changes to data stewardship and infrastructure. CISOs can likewise leverage the cloud to enhance the availability and survivability of their networks. They can do so by agilely acquiring or dropping cloud security services and capacity in response to, or even in anticipation of, operational needs. This requires a combination of hardware and virtual-based firewall and other security capabilities that can be agilely deployed, configured, and centrally managed. It also needs to be coupled with a secure means to reach cloud-based resources (for example, through SD-WAN). This not only enables remote workers to access critical applications and services but also becomes the conduit whereby cloud and on-prem security systems can dynamically complement one another.

* Cryptographic agility: Today, all Internet security, especially in WFH environments, is utterly dependent on cryptography for authentication, confidentiality, and integrity (and more). If an adversary can compromise your cryptography, they completely own your company's data and infrastructure. But that's not all. Cybercriminals are also leveraging encrypted tunnels to move malware into and data out of corporate networks. They are counting on the fact that companies do not have adequate horsepower built into their edge security to inspect encrypted traffic.

Addressing these challenges requires two strategies. The first is to establish crypto agility. The good news is that strong cryptographic algorithms, correctly implemented and configured, are unbreakable. But with the stakes so high, organizations need the ability to change to a new cryptographic key and algorithm if an existing one is compromised. CISOs need to ensure that their equipment is crypto agile so they can move from asymmetric algorithms to quantum-resistant algorithms.
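One way to build the ability to change key and algorithm into a data format is sketched below. This is an added example, not Fortinet code: the token layout, the `AgileProtector` class and the suite names are assumptions, and two standard-library HMAC suites stand in for whatever algorithms (including quantum-resistant ones) a real deployment would register.

```python
import hashlib
import hmac
import secrets

# Suite identifier carried in every token -> hashlib digest name used for HMAC.
# Both suites are stand-ins chosen because they ship with Python (assumption).
SUITES = {"hs256": "sha256", "hs3-256": "sha3_256"}


class AgileProtector:
    """Integrity protection whose key and algorithm can be swapped at runtime."""

    def __init__(self):
        self.keys = {}        # key_id -> (suite, key bytes)
        self.retired = set()  # suites that must no longer be accepted
        self.current = None   # key_id used for newly issued tokens

    def add_key(self, key_id, suite, key=None):
        """Register a key bound to exactly one suite and make it the default."""
        if suite not in SUITES or "." in key_id:
            raise ValueError("unknown suite or invalid key id")
        self.keys[key_id] = (suite, key or secrets.token_bytes(32))
        self.current = key_id

    def retire_suite(self, suite):
        """Stop accepting a suite, for example after it is reported broken."""
        self.retired.add(suite)

    @staticmethod
    def _tag(suite, key, header, body):
        # The header is covered by the MAC, so suite and key id cannot be swapped.
        mac = hmac.new(key, header + b"." + body, SUITES[suite])
        return mac.hexdigest().encode()

    def protect(self, payload):
        """Issue a token: v1.<suite>.<key_id>.<payload hex>.<tag hex>."""
        suite, key = self.keys[self.current]
        if suite in self.retired:
            raise ValueError("current suite is retired; add a new key first")
        header = f"v1.{suite}.{self.current}".encode()
        body = payload.hex().encode()
        return b".".join([header, body, self._tag(suite, key, header, body)])

    def verify(self, token):
        """Return the payload, or raise ValueError if the token is unacceptable."""
        parts = token.split(b".")
        if len(parts) != 5 or parts[0] != b"v1":
            raise ValueError("malformed token")
        suite, key_id = parts[1].decode(), parts[2].decode()
        if suite not in SUITES or suite in self.retired:
            raise ValueError("suite not accepted")
        bound_suite, key = self.keys.get(key_id, (None, None))
        if bound_suite != suite:
            # A key is only ever used with the suite it was registered for.
            raise ValueError("key is not bound to this suite")
        header = b".".join(parts[:3])
        if not hmac.compare_digest(self._tag(suite, key, header, parts[3]), parts[4]):
            raise ValueError("bad tag")
        return bytes.fromhex(parts[3].decode())

    def accepts(self, token):
        try:
            self.verify(token)
            return True
        except ValueError:
            return False

    def needs_rotation(self, token):
        """True when the token was issued under a key other than the current one."""
        return token.split(b".")[2].decode() != self.current

    def reprotect(self, token):
        """Verify under the old suite, then re-issue under the current one."""
        return self.protect(self.verify(token))


if __name__ == "__main__":
    p = AgileProtector()
    p.add_key("k1", "hs256")
    old = p.protect(b"vpn-policy-v7")      # constructed sample payload
    p.add_key("k2", "hs3-256")             # roll forward to a new suite and key
    new = p.reprotect(old)                 # migrate stored data
    p.retire_suite("hs256")                # then stop trusting the old suite
    print(p.accepts(old), p.accepts(new))  # old token rejected, new one accepted
```

The order matters: register the new suite, migrate what is stored, and only then retire the old suite, so nothing becomes unverifiable in between.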

The second is scalable performance for edge security devices. The security tools tasked with decrypting and inspecting traffic are notoriously underpowered. This became a critical issue during the transition to WFH, leaving critical traffic either unencrypted or uninspected. Security devices need to be powered by purpose-built processors that enable massive scalability of services without compromising performance or user experience.

Expanding agility to your entire security strategy

Moving to an agility-centric strategy for business continuity planning complements and completes the traditional CIA security hierarchy, enabling a CISO to leverage additional capabilities based on agility. For example, deception technologies can change security configurations to become less predictable (unpredictability being the nemesis of attack planners). ML (machine learning) and AI-based tools can similarly leverage speed and data correlation to out-maneuver an adversary whose attack strategy relies on land and expand techniques.

Conventional wisdom says that success is the result of combining opportunity with preparation. An agile cybersecurity foundation embraces that approach. By acknowledging and addressing the unpredictable nature of defending dynamic systems, organisations can withstand the inevitable cyber equivalent of getting punched in the mouth.


Threat of Quantum Computing to Bitcoin Should be Taken Seriously, But There's Enough Time to Upgrade Current Security Systems, Experts Claim -…

LocalBitcoins, a leading peer to peer (P2P) Bitcoin exchange, notes that with the advent of quantum computing, there have been concerns that this new technology could be a threat to existing online protocols. Some experts claim that powerful quantum computers might become a legitimate threat to the security of Bitcoin (BTC) and the current encryption algorithms that it uses.

According to LocalBitcoins:

"While the threat of quantum computing to Bitcoin is to be taken seriously, experts believe that Bitcoin [and other cryptocurrencies] have time to adapt to the quantum age without compromising [their] security in the process."

As explained in a blog post by LocalBitcoins, Bitcoin or BTC and its blockchain-based network is secured by cryptographic algorithms, which is why it's called a cryptocurrency. Cryptography allows developers to protect certain sensitive data and communication on a platform so that only the parties authorized to view the information can access it. The LocalBitcoins team notes that cryptography uses several different algorithms, and Bitcoin depends on them to function properly.

At present, these algorithms are almost impossible to break, but quantum computers may spell trouble to these algorithms in various ways, according to LocalBitcoins.

They explain that the idea or concept behind quantum computing is to go beyond the power of traditional computers by leveraging quantum mechanics, a field in physics that describes behaviors on a subatomic scale. They also noted that when unobserved, subatomic particles can exist in multiple places at once, however, when [they have been] detected, they collapse into a single point in space-time.

They further explain:

"Traditional computers operate with bits which encode either a 0 or a 1, while quantum computers use quantum bits, or qubits, which can be both a 0 or a 1 at the same time. This phenomenon is known as superposition which allows a huge amount of calculations to be carried out simultaneously."

They continued:

"Bitcoin's algorithm most at risk from quantum computing is its signature algorithm that uses ECDSA (Elliptic Curve Digital Signature Algorithm) [which] is used to generate the public/private key pair to sign Bitcoin transactions securely (sending and receiving coins). ECDSA uses asymmetric encryption, and the reason for it being secure comes from the need to factor multiple large prime numbers to break the algorithm. Breaking ECDSA and deriving a private key from a public key using current computers would take such an astronomical amount of time that it wouldn't even be realistic to try it out."

But with quantum computers that support parallel calculation, this same process can be carried out a lot more efficiently, and multiple types of attacks then become possible, the LocalBitcoins team noted.

They explained that the first one of these potential attacks aims to target re-used addresses. When a transaction is performed, your public key becomes visible on the blockchain or a distributed ledger technology (DLT) network. The LocalBitcoins team adds that knowing your public key, an attacker who's using quantum computers may then use your public key to derive your private key. After they've determined what your private key might be, they can begin signing transactions on your behalf, which means they can also spend your Bitcoins or any other cryptocurrency.

LocalBitcoins clarifies that addresses that have not been used to send transactions are quantum-safe because quantum computers can't read their public key.

LocalBitcoins further noted that another possible attack is the double-spend attack. This measures how fast a quantum computer can derive your private key from the already visible public key. They pointed out that if an attacker can do this before your transaction is confirmed multiple times in a block, you are essentially both trying to spend the same bitcoin, and the attacker wins.

They also mentioned:

"Bitcoin's hashing function used in the block creation is even more robust in the face of a quantum threat than its signature algorithm. The algorithm Bitcoin uses in its mining process is called SHA-256. When a miner solves a block and receives the right to add it to the blockchain, that miner's transactions become confirmed, and part of the ledger."

They further explained:

"To solve a block, a miner needs to guess a nonce, or a value that after a hash is applied, results in a number that has a certain number of leading zeroes. As a miner, you can't start from a valid result and then generate the correct nonce from it. You have to randomly guess it. This takes a lot of computing power and is behind the proof-of-work securing Bitcoin's network. If the SHA-256 was broken somehow, an attacker could mine new blocks at will and earn all Bitcoin block rewards."
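The nonce search described in the quote can be tried at small scale. The following is an added illustration, not code from LocalBitcoins or from Bitcoin itself: it is a simplified model in which the header bytes are a constructed sample, the difficulty is expressed as a count of leading zero bits, and the function names are assumptions.

```python
import hashlib
import struct

# Constructed stand-in for the fixed part of a block header (not real chain data).
SAMPLE_HEADER = b"prev-hash|merkle-root|timestamp (constructed sample)"


def double_sha256(data):
    """SHA-256 applied twice, the hash construction Bitcoin mining uses."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_for(zero_bits):
    """Hashes below this value have at least `zero_bits` leading zero bits."""
    return 1 << (256 - zero_bits)


def header_hash(header_prefix, nonce):
    """Hash of header plus a 32-bit nonce, read as a 256-bit integer."""
    digest = double_sha256(header_prefix + struct.pack("<I", nonce))
    return int.from_bytes(digest, "big")


def verify(header_prefix, nonce, zero_bits):
    """Checking a claimed solution costs one hash, whatever the difficulty."""
    return header_hash(header_prefix, nonce) < target_for(zero_bits)


def mine(header_prefix, zero_bits, max_nonce=2**32):
    """Try nonces in order until one meets the target.

    There is no way to work backwards from a small hash value to a nonce,
    so the expected number of attempts is about 2**zero_bits.
    """
    for nonce in range(max_nonce):
        if verify(header_prefix, nonce, zero_bits):
            return nonce
    return None  # nonce space exhausted; a real miner would alter the header


if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce = mine(SAMPLE_HEADER, bits)
        print(f"{bits:2d} zero bits: nonce={nonce}, "
              f"hash={header_hash(SAMPLE_HEADER, nonce):064x}")
    # Changing the header content invalidates the work already done.
    print(verify(SAMPLE_HEADER + b"!", mine(SAMPLE_HEADER, 16), 16))
```

Each additional zero bit doubles the expected search time while verification stays a single hash, which is the asymmetry proof-of-work depends on.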

LocalBitcoins notes that existing quantum computers are only operated in labs and still appear to be a long way from becoming a legitimate threat to Bitcoin and other cryptocurrencies. According to estimates, a quantum computer of around 4000 qubits would be required to break Bitcoin's code, while the most powerful quantum computers available right now operate with only about 50 qubits.

Industry experts predict that quantum computing machines may begin to break binary-based encryption algorithms within the next decade unless there's an unexpected mathematical or physical breakthrough before that.

The LocalBitcoins team added:

"When the quantum threat becomes more imminent, cryptography will have moved to more quantum-proof algorithms. In the process, Bitcoin's algorithms would have become quantum-resistant as well. This can be achieved by hard-forking (backwards incompatible upgrade) the Bitcoin blockchain by consensus among the Bitcoin nodes, so it will be secure from quantum attacks."

They continued:

"As long as multiple users have access to a quantum computer, no single entity will be able to gain dominance over Bitcoin mining. Perhaps in the future Bitcoin's blockchain will be operated completely by nodes running on quantum computers."


5 most important cryptocurrencies other than bitcoin – KnowTechie

Bitcoin has not only been an innovator, introducing a wave of digital currencies based on a decentralized peer-to-peer network; it has become the de facto standard for digital currencies, inspiring an ever-growing army of followers and side projects.

What Are Cryptocurrencies?

Before we look at some of these alternatives to Bitcoin, let's step back and briefly examine what we mean by terms like digital currency and altcoin. A digital currency, broadly defined, is virtual or digital money that takes the form of tokens or coins. While some cryptocurrencies have ventured into the physical world with credit cards or other projects, the vast majority remain entirely intangible.

The "crypto" in cryptocurrencies refers to the complicated cryptography that allows for the creation and processing of digital currencies and their transactions across decentralized systems. Alongside this important crypto feature is a common commitment to decentralization; cryptocurrencies are typically developed as code by teams who build in mechanisms for issuance (often, although not always, through a process called mining) and other controls.

In addition, the field of cryptocurrencies is constantly evolving, and everyone in the cryptocurrency community knows that the next great digital token may be released tomorrow. Although Bitcoin is generally regarded as a pioneer in the digital currency field, analysts have adopted many methods for evaluating tokens other than BTC. It's common, for example, for analysts to attribute a great deal of importance to the ranking of coins relative to one another in terms of market cap. We've factored this into our consideration, but there are other reasons why a digital token may be included in the list as well.

Ethereum is our first Bitcoin alternative. Ethereum is a decentralized software platform that enables smart contracts and decentralized applications to be built and run without downtime, fraud, control, or interference from a third party. Applications on Ethereum run on its platform-specific cryptographic token, ether.

Ether is like a vehicle for moving around on the Ethereum platform and is sought by developers looking to build and run applications inside Ethereum, or now by investors looking to purchase other digital currencies using ether. Ether, launched in 2015, is currently the second-largest digital currency by market cap after bitcoin, although it lags behind the dominant cryptocurrency by a significant margin. As of January 2020, the market cap of Ethereum is about 1/10 that of Bitcoin.

During 2014, Ethereum launched a pre-sale for ether which received an overwhelming response; this helped to usher in the age of the initial coin offering (ICO). According to Ethereum, it can be used to arrange, decentralize, secure, and trade just about anything. Following the attack on the DAO in 2016, Ethereum was split into Ethereum (ETH) and Ethereum Classic (ETC). As of January 8, 2020, the market cap of ETH was $15.6 billion, and the per-token value was $142.54.

Ripple is a real-time global settlement network that offers instant, certain, and low-cost international payments. Ripple, released in 2012, enables banks to settle cross-border payments in real time, at lower cost, and with end-to-end transparency. Ripple's consensus ledger (its method of confirmation) is unique in that it doesn't require mining.

In fact, all of Ripple's XRP tokens were pre-mined before launch, meaning that there is no creation of XRP over time, only the introduction and removal of XRP from the market supply according to the network's rules. In this way, Ripple sets itself apart from bitcoin and many other altcoins. Since Ripple's structure doesn't require mining, it reduces the use of computing power and minimizes network latency.

Litecoin, launched in 2011, was among the first cryptocurrencies to follow in the footsteps of bitcoin and has often been referred to as "silver to bitcoin's gold." Litecoin is based on an open-source global payment network that is not controlled by any central authority and uses scrypt as its proof of work, which can be decoded using consumer-grade CPUs.

Although Litecoin is like bitcoin in many ways, it has a faster block generation rate and hence offers a faster transaction confirmation time. Other than developers, there is a growing number of merchants who accept Litecoin. As of Jan. 8, 2020, Litecoin had a market cap of $3.0 billion and a per-token value of $46.92, making it the sixth-largest cryptocurrency in the world.

Tether was one of the first and most popular of a group of so-called stablecoins, cryptocurrencies which aim to peg their market value to a currency or other external reference point in order to reduce volatility. Since most digital currencies, even major ones like bitcoin, have experienced frequent periods of dramatic volatility, Tether and other stablecoins attempt to smooth out price fluctuations in order to attract users who may otherwise be cautious.

Bitcoin Cash (BCH) holds an important place in the history of altcoins because it is one of the earliest and most successful hard forks of the original bitcoin. In the cryptocurrency world, a fork takes place as the result of debates and arguments between developers and miners. Due to the decentralized nature of digital currencies, wholesale changes to the code underlying the token or coin at hand must be made by general consensus; the mechanism for this process varies according to the particular cryptocurrency.


Encryption Software Market Report 2020| Regional Analysis & Growth Forecast to 2026 – News by Decresearch

The encryption software market will surpass the $21 billion mark by 2026. In 2019, on-premise deployment model accounted for more than 70% of the overall encryption software market share. The growth stemmed from the preference of enterprises to implement on-premise deployment model approach owing to the high level of security required for handling sensitive data in-house.

Moreover, enterprises are preferring to operate on a cloud-based deployment model, which will foster industry demand. Cloud platforms for saving enterprise data are gaining significant traction on account of cost benefits and high scalability. Such benefits offered by cloud-based deployment model are expected to escalate encryption software market size.


An increasing number of data breaches and cybercrimes, together with supportive government policies, will enable the encryption software market to witness bullish growth over the coming years. This can be validated by the draft of an encryption law published by China's State Cryptography Administration (SCA) in November 2019. The draft was issued to bring about encryption in the private & public sectors and set guidelines on the use of cryptography for protecting national security.

Cybersecurity vendors are addressing evolving threats by offering security solutions, resulting in the higher implementation of email, mobile, and disk encryption capabilities, which will spur encryption software industry growth.

Email data protection software is being widely adopted by companies, as email is the most common communication method. Security software is used extensively to identify theft and phishing and to protect data from malware. The software protects a multitude of aspects of email systems, such as email access, content, or media attachments.

The data is encoded by the software in transit to ensure the security of sensitive data under the regulatory compliance. Estimates claim that email encryption software market will account for more than 25% of the overall market share by 2026.

The protection of customer data during online retail operations has become a crucial requirement these days. Third-party services in the retail sector are observing wide adoption to optimize customer experience on websites and support online transactions, resulting in a higher number of data breaches.

According to a report issued by Thales eSecurity, almost 75% of U.S. retailers had experienced a breach in 2018, up from 52% in 2017. Demand for cybersecurity solutions is expected to surge from 2020 to 2026 to prevent theft and protect customer information.

Latin America has been witnessing increasing incidences of cyberattacks on the business-critical infrastructure. The use of digital platforms in the region for conducting business transactions has led to the regional governments introducing various initiatives to support cybersecurity.


For example, since December 2019, numerous Mexican institutions, such as the National Defense Ministry (Sedena), Mexico Central Bank, the House of Representatives, and Mexico Supreme Court, registered over 45 million attempted attacks to access databases and steal information. Accordingly, the Latin America encryption software market is projected to witness an 18% CAGR over 2020-2026.

Table of Contents (ToC) of the report:

Chapter 1. Methodology & Scope

1.1. Methodology

1.1.1. Initial data exploration

1.1.2. Statistical model and forecast

1.1.3. Industry insights and validation

1.1.4. Scope

1.1.5. Definitions

1.1.6. Methodology & forecast parameters

1.2. Data Sources

1.2.1. Secondary

1.2.1.1. Paid sources

1.2.1.2. Public sources

1.2.2. Primary

Chapter 2. Executive Summary

2.1. Encryption software market 360° synopsis, 2015–2026

2.2. Business trends

2.3. Regional trends

2.4. Component trends

2.4.1. Software trends

2.4.2. Service trends

2.5. Deployment model trends

2.6. Application trends

Chapter 3. Encryption Software Market Insights

3.1. Introduction

3.2. Industry segmentation

3.3. Industry landscape, 2015–2026

3.4. Evolution of encryption software

3.5. Encryption software industry architecture

3.6. Encryption software industry ecosystem analysis

3.7. Technology & innovation landscape

3.7.1. Quantum cryptography

3.7.2. Honey encryption

3.7.3. Lattice based cryptography

3.8. Regulatory landscape

3.8.1. North America

3.8.1.1. ENCRYPT Act of 2019 (U.S.)

3.8.1.2. Gramm-Leach-Bliley Act of 1999 (U.S.)

3.8.1.3. Personal Information Protection and Electronic Documents Act [(PIPEDA) Canada]

3.8.2. Europe

3.8.2.1. General Data Protection Regulation (EU)

3.8.2.2. Data Protection Authority (DPA) regulations on the transmission of personal data by e-mail (Denmark)

3.8.3. APAC

3.8.3.1. National Law on Cryptography (China)

3.8.3.2. Guide to securing personal data in electronic medium (Singapore)

3.8.4. Latin America

3.8.4.1. Law No. 9,296 of July 24, 1996 (Government Access to Encrypted Communications, Brazil)

3.8.4.2. National Directorate of Personal Data Protection (Argentina)

3.8.5. MEA

3.8.5.1. Policy of Control and Licensing of Commercial Encryption Items (Israel)

3.8.5.2. Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002 (RICA- South Africa)

3.9. Industry impact forces

3.9.1. Growth drivers

3.9.1.1. Stringent regulations on cybersecurity and data privacy compliances

3.9.1.2. Rising concerns over securing enterprise Intellectual Property (IP) assets

3.9.1.3. Increasing proliferation of cloud and virtualization technologies

3.9.1.4. Growing trend of Bring Your Own Devices (BYOD) among enterprises

3.9.2. Industry pitfalls & challenges

3.9.2.1. Complexities in encryption key management

3.9.2.2. Easy availability of pirated and free-to-use encryption software

3.9.2.3. Regulatory restrictions on cryptography and encryption

3.10. Growth potential analysis

3.11. Porter's analysis

3.12. PESTEL analysis


Verizon to use blockchain in its newsroom for comms verification – The Block

James is editor in chief of TechForge Media, with a passion for how technologies influence business and several Mobile World Congress events under his belt. James has interviewed a variety of leading figures in his career, from former Mafia boss Michael Franzese, to Steve Wozniak, and Jean Michel Jarre. James can be found tweeting at @James_T_Bourne.

Verizon has announced the launch of a blockchain-based product which aims to provide an authoritative record of changes to company news releases.

Full Transparency by Verizon is a proof of concept built with open source blockchain technology. The product is put together in partnership with AdLedger, a consortium which explores standards for blockchain and cryptography in media and advertising, authentication infrastructure provider MadNetwork, and marketing company Huge.

Verizon noted the rationale and idea behind the product:

"Full Transparency's goal is to change the way corporate newsrooms provide visibility to their readers and hold themselves accountable for what they communicate to the public," the company wrote. "Official news releases that incorporate Full Transparency are tracked on the blockchain ledger, so news releases or statements can be treated as authoritatively reflecting what was intended to be released."

"All news releases published to the Verizon Newsroom will be secured and bound using cryptographic principles, so that subsequent changes can be tracked and contextualised," the company added.

The company cited the 2020 Edelman Trust Barometer study which found almost three in five consumers globally believed the media they consumed was in some way untrustworthy. Jim Gerace, chief communications officer for Verizon, said the company is inviting organisations around the world to adopt blockchain-verified communication practices.


The Dutch central bank includes a new crypto exchange in its register. – The Washington Newsday

The Dutch central bank recently added a new exchange, BLOX, to the list of registered crypto companies. Every crypto company that wants to operate in the country must register and prove that it complies with the legal requirements. Unfortunately, only three companies have registered so far, while the deadline is getting closer.

At the beginning of 2020, the Dutch parliament decided to pass new AML amendments, which meant that crypto exchanges must register with the country's central bank. Those who did not want to do so were not allowed to continue operations in the country.

Since then, three crypto platforms have been added to the list of recognized exchanges, with the last one being added to the list only today.

The Dutch Central Bank recognizes its third crypto platform

The latest addition to the list of the Dutch central bank is a crypto exchange called BLOX. The exchange announced the news this morning via its blog, saying that it has received approval from De Nederlandsche Bank after registration.

The fact that BLOX is only the third exchange to be registered and approved by the bank is rather worrying for local crypto users, especially since the registration period is about to expire. The other two exchanges that have decided to register are Anycoin Direct and AMDAX.

The bank recognized both, and they too received the same operating licenses as BLOX.

Those who do not register will have to stop all operations

About two months ago, in September 2020, the central bank also issued an announcement stating that crypto exchanges would be supervised by the bank itself under the fifth European AML Directive.

This will include all services offering crypto-fiat or crypto-to-crypto transactions, including crypto-wallet providers. The bank pointed out that these companies need to prepare for this and that the bank wants them to register.

This will be necessary as the bank is still very concerned about the use of cryptography in white-collar crime.

In order to be recognized, the stock exchanges must prove that they are well organized and able to deal with money laundering and terrorist financing.

The central bank will also continue to monitor their performance and ensure that they comply with the rules after registration. All those who do not register will be forced to cease all their activities after the deadline.

View post:
The Dutch central bank includes a new crypto exchange in its register. - The Washington Newsday

Simeio Solutions expert says: Most breaches are from exploited passwords. Let’s get rid of them. – Intelligent CIO ME

James R Quick, Director, Solutions & Advisory for Simeio Solutions, tells us it's time to get rid of passwords and instead automate and secure the authentication process.

There are two things we can do to secure our corporate assets: get rid of users or eliminate passwords. I say that tongue in cheek, but there's truth to half of that statement.

Ok. We obviously need users, but employees are on the front lines in a cyberwar over corporate and consumer data, battling myriad cyberattacks. Most data breaches are caused by credential theft. That's why our most important endpoints are users. They are the most likely to unknowingly give away the kingdom keys.

I'm not being flippant about passwords. I'd like to see them gone. The best way to eliminate nefarious activity from stolen passwords is to eliminate them. To secure employees, systems, applications, corporate secrets and consumer data, we must rein in repetitive and weak passwords that expose organizations to attacks.

Time to shift away from passwords

Everyone recognizes password weaknesses. We're frustrated with having to create and remember them, and where we stored them. So, we repeatedly use the same weak passwords that are easily memorized. We know this creates a security risk but do it anyway.

Security teams are overwhelmed managing, storing and protecting credentials. They may not have the budget or resources for the most up-to-date systems. They might lack the processes and policies to consistently update software, and don't have the domain expertise to keep up with the latest technologies to protect their business. They know hackers can acquire user credentials and move laterally across their network to access anything they want. They're also challenged to keep up with ever-growing privacy regulations.

A password replacement must be pervasive

Our smartphones are almost another appendage. They're with us constantly and are ubiquitous in our personal lives and business. While there are many methods and strategies for avoiding stolen and misused passwords, there is one that scales and permeates our personal and business activities. We can harden endpoints, like smartphones, tablets, smart speakers and laptops, with standards-based public key cryptography.

How it works

Secure key-enabled user devices remove the need for passwords, eliminate user registration and login friction, and globally scale. To initiate the process, users authenticate with the website using their device's private key, which responds to the website's security challenge.

The private key can be used only after the security code has been unlocked by the user, by swiping a finger, entering a PIN etc. The device creates a new public/private key pair, unique to the online service and the user's account. The public key is sent to the online service and associated with the user's account. The private key and local authentication information never leave the device.

Passwords require human interaction which is a formula for disaster. We must automate and secure the authentication process. This means removing people from the equation. While there are many approaches to eliminating the password conundrum, standards-based public key cryptography provides strong authentication that scales and can be deployed on devices we use to register and login to online applications and services.
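The registration and challenge-response flow described under "How it works", as an added Node.js sketch that is not code from the article or from Simeio. The class names, the PIN standing in for the device unlock, Ed25519 as the signature scheme, and hashing the service name into the signed data are assumptions of this example.

```javascript
// Added example: device-bound public-key login (all names are hypothetical).
const nodeCrypto = require('crypto');

// Data that gets signed: hash of the service name plus the server's challenge,
// so a signature made for one service is useless at another (assumption of this sketch).
function signedData(service, challenge) {
  const serviceHash = nodeCrypto.createHash('sha256').update(service).digest();
  return Buffer.concat([serviceHash, challenge]);
}

// Device side: private keys live here and are used only after a local unlock.
class Authenticator {
  constructor(unlockPin) {
    this.unlockPin = unlockPin; // stands in for a fingerprint or PIN check; never transmitted
    this.keys = new Map();      // "service|account" -> private key object
  }
  verifyUser(pin) {
    if (pin !== this.unlockPin) throw new Error('local user verification failed');
  }
  // Creates a key pair unique to (service, account); only the public key is returned.
  register(service, account, pin) {
    this.verifyUser(pin);
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.keys.set(`${service}|${account}`, privateKey);
    return publicKey.export({ type: 'spki', format: 'der' });
  }
  // Answers the service's challenge with a signature; the private key stays on the device.
  sign(service, account, challenge, pin) {
    this.verifyUser(pin);
    const key = this.keys.get(`${service}|${account}`);
    if (!key) throw new Error('no credential for this service');
    return nodeCrypto.sign(null, signedData(service, challenge), key);
  }
}

// Service side: stores public keys only, so a database leak exposes nothing reusable.
class Service {
  constructor(name) {
    this.name = name;
    this.publicKeys = new Map(); // account -> DER-encoded public key
    this.pending = new Map();    // account -> outstanding challenge
  }
  enroll(account, spkiDer) { this.publicKeys.set(account, spkiDer); }
  newChallenge(account) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(account, challenge);
    return challenge;
  }
  verify(account, signature) {
    const challenge = this.pending.get(account);
    this.pending.delete(account); // each challenge is accepted once
    const der = this.publicKeys.get(account);
    if (!challenge || !der) return false;
    const pub = nodeCrypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
    return nodeCrypto.verify(null, signedData(this.name, challenge), pub, signature);
  }
}

// Constructed scenario: one device, two services, one account name.
function demo() {
  const device = new Authenticator('1234');
  const shop = new Service('shop.example');
  const other = new Service('other.example');
  const shopKey = device.register('shop.example', 'alice', '1234');
  const otherKey = device.register('other.example', 'alice', '1234');
  shop.enroll('alice', shopKey);
  other.enroll('alice', otherKey);

  const results = { distinctKeys: !shopKey.equals(otherKey) };
  let challenge = shop.newChallenge('alice');
  const sig = device.sign('shop.example', 'alice', challenge, '1234');
  results.login = shop.verify('alice', sig);          // fresh challenge, right key
  shop.newChallenge('alice');
  results.replay = shop.verify('alice', sig);         // captured signature, new challenge
  challenge = shop.newChallenge('alice');
  const wrongSig = device.sign('other.example', 'alice', challenge, '1234');
  results.crossService = shop.verify('alice', wrongSig); // credential for another service
  try {
    device.sign('shop.example', 'alice', shop.newChallenge('alice'), '0000');
    results.wrongPin = 'signed';
  } catch (err) {
    results.wrongPin = err.message;                   // device refuses without local unlock
  }
  return results;
}
```
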


Read the original here:
Simeio Solutions expert says: Most breaches are from exploited passwords. Let's get rid of them. - Intelligent CIO ME

What Is The Legal Status Of Cryptocurrency In Nigeria? – Jollofnews

Cryptocurrency is online money that is used with the help of secret codes, a technique known as cryptography. Cryptography is one of the techniques by which you can put your money in a safe place online, and you can use it by using this technique. It is safe and easy to use. Cryptocurrency can be defined in many ways and in very different forms. One of the definitions of Cryptocurrency is a digital currency, which regulates all the currency and verifies all the transfer funds. You can also define Cryptocurrency as the digital currency made based on the cryptography technique. This currency is secure and unknown.

Electronic money will not show any user's identity using this website, one of the best Cryptocurrency features. The design of this currency is based on a beneficial blockchain technique. Cryptocurrency is not ruled by government authority. The use of the service is private and anonymous to anyone. The currency does not need any value on assets such as material resources for production; however, it is regulated by the computer program and saved on the computer.

Transactions are executed over the Internet, and you will not need any gold or license for making your id. Cryptocurrency is different from other currencies in the world.

As we know, the market of cryptocurrencies is growing, and it is also developing rapidly. New currencies are being added to the expanding digital currency market, helping it develop at a high rate. The latest information about the digital currency is that at this time there are 2000 currencies present in the market of Cryptocurrency, which shows the growth rate.

Many types of Cryptocurrency are present in the market, like Bitcoin, Litecoin, Zcash, Dash, and Ripple. Among the many types, Bitcoin is the most famous Cryptocurrency throughout the world, and it was introduced to the people in the year 2009. From there, you can see the growth rate of Bitcoin in the market. The following are some features of Cryptocurrency:

One of the great features of Cryptocurrency applications is a design based on cryptography, known for its secret codes. You can identify the user name or any user information from this application, the secret application with Anonymous identity.

Cryptocurrency is not under the charge of any government authority. It is separate and fully independent. The central government can't interfere in this situation. They also don't have the permission to look into the personal information of the users.

The best feature of this digital currency is that there is no involvement of a third party in the transaction process. There is no involvement of banks or governments. You can directly transfer coins from one account to another with the help of the Internet.

Many issues related to Cryptocurrency are present in this world. Cryptocurrency is volatile, and many things will change in the market of this Cryptocurrency. The market of the coins is rapid, and the anonymous design of this application will become volatile. You cannot predict the changes in this application. It is one of the prevalent issues of this application related to the Cryptocurrency market, as we know that this application has an unidentified nature. It is designed based on the cryptography technique. But because of this anonymous nature, you can't trust it with money lending and purchasing.

You can't be sure of your invested money in this application because it is rapid, and it will change suddenly. The change in the market is based on supply and demand. Because of its secretive nature, government authority can't control any transaction from this device. It also does not pay any revenue to the government. There are no regulations on Cryptocurrency, but some necessary regulations must be followed in some countries. There is no restriction on using this application in the world. Many criticisms are present related to the use of Cryptocurrency.

Regulation of Cryptocurrency

The main principle of Cryptocurrency is decentralization, which means it is independent of any central government or government authority controls over this application, which is also secretive and independent. There are many opinions about the uses of Cryptocurrency in different regulatory states; therefore, many states do not have any regulations decided or rules related to Cryptocurrency. Many states are developing their regulation framework about the Cryptocurrency in their city. Some states already imposed some regulations on the use of Cryptocurrency.

Many acts related to Cryptocurrency are in place in several countries. Some countries ban the use of cryptocurrencies and have denied permission for the secretive application with an anonymous feature. Many countries' governments want the authority to remove this application, leading to the growth in cybercrime. All the customers of this application are not real. Some of them are scams, and they can steal your money and data from your device.

Modern technology and all the country's financial systems are trying to embrace this online system. When cryptocurrencies were introduced to the people of Nigeria, Nigeria experienced a lot of negative and positive things that are important for the government of Nigeria. Investors in Nigeria invest their money in Cryptocurrency with the hope of some profit in the future. Bitcoin is one of the popular cryptocurrencies in the world. Bitcoins are shared, and all the investors are investing their money in Bitcoins. There is no presence of a third person in the Cryptocurrency transaction like the government and the bank.

Nigeria's government has attempted a ban on the use of cryptocurrencies. Still, Nigeria's legal status is questionable, unlike Morocco, which bans Cryptocurrency in their area of the country. If the government finds any use of Bitcoins in the city, they will charge more fines. The Nigerian government also takes some action on the use of cryptocurrencies. They issued a notice about the cryptocurrencies, which explained the terms of cryptocurrencies. They also explain the benefits of the virtual currency of the government and losses of using cryptocurrencies. They also explain the risk of using cryptocurrencies instead of state currencies.

They also explain various warnings about cybercrimes related to cryptocurrencies like it will spread violence, terrorism, and other activities. They also pass the statements about the transaction of the Bitcoins by the banks in 2017. The Nigerian government also passes the statement for the investors who invest their money in the Bitcoins. They said that it is precarious and banned in Nigeria.

Conclusion

All this information will give you the idea of legal status in Nigeria related to cryptocurrencies. Currently, they are trying to build the framework of the regulation related to the cryptocurrencies. They are trying to develop the rules and regulations in Nigeria.

The development of rules and regulations is not easy in any state or country, and the process requires a lot of time and effort. That is why people should value and appreciate their efforts and try not to harm the economy and the development process in any possible way, the only way in which any person can support his/her country at its best.

See more here:
What Is The Legal Status Of Cryptocurrency In Nigeria? - Jollofnews

Quantum computers could soon reveal all of our secrets. The race is on to stop that happening – ZDNet

A fully-fledged quantum computer that can be used to solve real-world problems. For many computer scientists, the arrival of such a device would be their version of the Moon landings: the final achievement after many decades of research -- and the start of a new era.

For companies, the development could unlock huge amounts of wealth, as business problems previously intractable for classical computers are resolved in minutes. For scientists in the lab, it could expedite research into the design of life-saving drugs.

But for cryptographers, that same day will be a deadline -- and a rather scary one. With the compute power that they will be capable of, large-scale quantum devices effectively pose an existential threat to the security protocols that currently protect most of our data, from private voice notes all the way to government secrets.


The encryption methods that are used today to transform data into an unreadable mush for anyone but the intended recipients are essentially a huge maths problem. Classical computers aren't capable of solving the equation in any useful time frame; add some quantum compute power, though, and all of this carefully encoded data could turn into crystal-clear, readable information.

The heart of the problem is public key encryption -- the protocol that's used to encode a piece of data when it is sent from one person to another, in a way that only the person on the receiving end of the message can decode. In this system, each person has a private cryptography key as well as a public one, both of which are generated by the same algorithm and inextricably tied to each other.

The publicly-available key can be used by any sender to encrypt the data they would like to transmit. Once the message has arrived, the owner of the key can then use their private key to decrypt the encoded information. The security of the system is based on the difficulty of figuring out a person's private key based on their public one, because solving that problem involves factoring huge numbers.

Inconveniently, if there's one thing that quantum computers will be good at, it's crunching numbers. Leveraging the quasi-supernatural behaviour of particles in their smallest state, quantum devices are expected to one day breeze through problems that would take current supercomputers years to resolve.

That's bad news for the security systems that rely on hitherto difficult mathematics. "The underlying security assumptions in classical public-key cryptography systems are not, in general, quantum-secure," says Niraj Kumar, a researcher in secure communications from the school of informatics at the University of Edinburgh.

"It has been shown, based on attacks to these keys, that if there is quantum access to these devices, then these systems no longer remain secure and they are broken."


But as worrying as it sounds, explains Kumar, the idea that all of our data might be at risk from quantum attacks is still very much theoretical. Researchers have developed quantum algorithms, such as Shor's algorithm, that can, in theory, break public-key cryptography systems. But they are subject to no small condition: that the algorithms operate in a quantum computer with a sufficient number of qubits, without falling to noise or decoherence.

In other words, a quantum attack on public-key cryptography systems requires a powerful quantum computer, and such a device is not on any researcher's near-term horizon. Companies involved in the field are currently sitting on computers of the order of less than 100 qubits; in comparison, recent studies have shown that it would take about 20 million qubits to break the algorithms behind public-key cryptography.

Kumar, like most researchers in the field, doesn't expect a quantum device to reach a meaningful number of qubits within the next ten or 20 years. "The general consensus is that it is still very much a thing of the future," he says. "We're talking about it probably being decades away. So any classical public-key cryptography scheme used for secure message transmission is not under imminent threat."

NIST, the US National Institute of Standards and Technology, for its part estimates that the first quantum computer that could pose a threat to the algorithms that are currently used to produce encryption keys could be built by 2030.

Don't let the timeline fool you, however: this is not a problem that can be relegated to future generations. A lot of today's data will still need to be safe many years hence -- the most obvious example being ultra-secret government communications, which will need to remain confidential for decades.

This type of data needs to be protected now with protocols that will withstand quantum attacks when they become a reality. Governments around the world are already acting on the quantum imperative: in the UK, for example, the National Cyber Security Centre (NCSC) has accepted for several years now that it is necessary to end reliance on current cryptography protocols, and to begin the transition to what's known as 'quantum-safe cryptography'.

Similarly, the US National Security Agency (NSA), which currently uses a set of algorithms called Suite B to protect top-secret information, noted in 2015 that it was time to start planning the transition towards quantum-resistant algorithms.

As a direct result of the NSA's announcement five years ago, a global research effort into new quantum-safe cryptography protocols started in 2016, largely led by NIST in the US. The goal? To make classical public-key cryptography too difficult a problem to solve, even for a quantum computer -- an active research field now called 'post-quantum cryptography'.

NIST launched a call for help to the public, asking researchers to submit ideas for new algorithms that would be less susceptible to a quantum computer's attack. Of the 69 submissions that the organization received at the time, a group of 15 was recently selected by NIST as showing the most promise.


There are various mathematical approaches to post-quantum cryptography, which essentially consist of making the problem harder to crack at different points in the encryption and decryption processes. Some post-quantum algorithms are designed to safeguard the key agreement process, for example, while others ensure quantum-safe authentication thanks to digital signatures.

The technologies comprise an exotic mix of methods -- lattices, polynomials, hashes, isogenies, elliptic curves -- but they share a similar goal: to build algorithms robust enough to be quantum-proof.

The 15 algorithms selected by NIST this year are set to go through another round of review, after which the organisation hopes to standardise some of the proposals. Before 2024, NIST plans to have set up the core of the first post-quantum cryptography standards.

NCSC in the UK and NSA in the US have both made it clear that they will start transitioning to post-quantum cryptography protocols as soon as such standards are in place. But government agencies are not the only organisations showing interest in the field. Vadim Lyubashevsky, from IBM Research's security group, explains that many players in different industries are also patiently waiting for post-quantum cryptography standards to emerge.

"This is becoming a big thing, and I would say certainly that everyone in the relevant industries is aware of it," says Lyubashevsky. "If you're a car manufacturer, for example, you're making plans now for a product that will be built in five years and will be on the road for the next ten years. You have to think 15 years ahead of time, so now you're a bit concerned about what goes in your car."


Any product that might still be in the market in the next couple of decades is likely to require protection against quantum attacks -- think aeroplanes, autonomous vehicles and trains, but also nuclear plants, IoT devices, banking systems or critical telecommunications infrastructure.

Businesses, in general, have remained quiet about their own efforts to develop post-quantum cryptography processes, but Lyubashevsky is positive that concern is mounting among those most likely to be affected. JP Morgan Chase, for example, recently joined research hub the Chicago Quantum Exchange, mentioning in the process that the bank's research team is "actively working" in the area of post-quantum cryptography.

That is not to say that quantum-safe algorithms should be top-of-mind for every company that deals with potentially sensitive data. "What people are saying right now is that threat could be 20 years away," says Lyubashevsky. "Some information, like my credit card data for example -- I don't really care if it becomes public in 20 years. There isn't a burning rush to switch to post-quantum cryptography, which is why some people aren't pressed to do so right now."

Of course, things might change quickly. Tech giants like IBM are publishing ambitious roadmaps to scale up their quantum-computing capabilities, and the quantum ecosystem is growing at pace. If milestones are achieved, predicts Lyubashevsky, the next few years might act as a wake-up call for decision makers.


Consultancies like security company ISARA are already popping up to provide businesses with advice on the best course of action when it comes to post-quantum cryptography. In a more pessimistic perspective, however, Lyubashevsky points out that it might, in some cases, already be too late.

"It's a very negative point of view," says the IBM researcher, "but in a way, you could argue we've already been hacked. Attackers could be intercepting all of our data and storing it all, waiting for a quantum computer to come along. We could've already been broken -- the attacker just hasn't used the data yet."

Lyubashevsky is far from the only expert to discuss this possibility, and the method even has a name: 'harvest and decrypt'. The practice is essentially an espionage technique, and as such mostly concerns government secrets. Lyubashevsky, for one, is convinced that state-sponsored attackers are already harvesting confidential encrypted information about other nations, and sitting on it in anticipation of a future quantum computer that would crack the data open.

For the researcher, there is no doubt that governments around the world are already preparing against harvest-and-decrypt attacks -- and as reassuring as it would be to think so, there'll be no way to find out for at least the next ten years. One thing is for certain, however: the quantum revolution might deliver some nasty security surprises for unprepared businesses and organisations.

Read more:
Quantum computers could soon reveal all of our secrets. The race is on to stop that happening - ZDNet

Google shares details of a Windows Kernel Cryptography Driver security flaw that’s being exploited by hackers – BetaNews

Google has shared details of a bug in the Windows Kernel Cryptography Driver (cng.sys) which is currently being exploited in the wild by hackers.

The Project Zero team had already privately shared details of the security flaw with Microsoft a little over a week ago, but now that it is being actively exploited the company has gone public. The zero-day flaw is being tracked as CVE-2020-117087, and it is not likely to be addressed by Microsoft for a couple of weeks.


A post on the Project Zero page explains: "The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape)".

The Project Zero team made Microsoft aware of the security flaw back on October 22, but now it says: "We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline".

Ben Hawkes from Project Zero took to Twitter to say:

In a statement, Microsoft responded to the disclosure by saying:

Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers' deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.


Continued here:
Google shares details of a Windows Kernel Cryptography Driver security flaw that's being exploited by hackers - BetaNews