What exactly is Security Assurance?

If you are a regular reader of Cybersecurity Magazine, you may have come across Security Assurance before. In this article, we take a look at what is behind this abstract term and why it is so important.
Security assurance is an umbrella term for several processes aimed at ensuring individual system components can adequately protect themselves from attacks. Doing so is not a one-time effort but spans the complete system lifecycle. After all, what is considered an acceptable security posture may change over time depending on, for example, newly emerging threats or changes to how the system itself is utilized.


Why should banks be concerned with DDoS attacks?

Distributed Denial of Service (DDoS) attacks first appeared on the radars of security experts around 1999, when a wave of cyberattacks brought down countless websites, including resources of major corporations, such as CNN, eBay, Amazon, and E-Trade.
Many years later, DDoS attacks have not lost their relevance; on the contrary, they are growing more and more destructive. Financial institutions are increasingly becoming the targets of malicious actors, with the financial and commercial losses inflicted by DDoS (lost revenue, customer churn, and hits to reputation) far exceeding operating losses.
DDoS, then, is a real and pressing threat for banks. But why are DDoS attacks that much more prevalent in this industry?


The Importance of Cloud Security Governance

Cloud security, and in particular cloud security governance, is becoming an increasingly important area for security professionals to pay attention to. Cloud security has been on our radar since the inception of the whole cloud concept, but with the increase in the number of different cloud environments available, some special and some general, and the move to cloud-first deployments for companies around the world, having governance in place for the security of these clouds is becoming a business-critical issue.


TPA Auditing to Enhance the Privacy and Security in Cloud Systems

Over the last decade, many enterprises around the world have been migrating from traditional infrastructure to cloud resources in order to cut down operational and capital expenditure. With cloud computing, a huge amount of data transactions is communicated between cloud consumers and cloud service providers. However, this cloud computing enables surplus security challenges associated with unauthorized access and data breaches. We proposed in this paper a trusted third-party auditor (TPA) model which uses a lightweight cryptographic system and a lightweight hashing technique to ensure data security and data integrity to audit the cloud users' outsourced data from cloud service providers.


The Thriving Underground Economy and How It’s Increasing Hacker Capabilities

The spread of ransomware has reached unprecedented levels; every few days, there are headlines about new attacks crippling major companies or organizations. Some of these attacks have resulted in eight-figure ransoms, but the damage caused by downtime and data leaks is much larger than losses to ransoms.
A lot of the profits hackers are raking in get reinvested in enhancing their capability. All of this cash is driving the growth of an increasingly advanced and sophisticated underground economy, and with it, an expansion in hacker capabilities.


Prevention is Better Than Cure: The Ransomware Evolution

The increasing number and frequency of ransomware attacks, not to mention the innovation in distribution methods, should be a wake-up call for organisations to strengthen their defences. By taking a preventative approach, businesses can take the necessary steps to strengthen their cybersecurity posture. This includes a combination of education, processes, hardware and software to detect, combat and recover from such attacks if they were to arise.


The Role of Cybersecurity in Protecting Patient Safety

The year 2020 has broken all records regarding the number of data breaches and other cyberattacks that targeted all organization types and sizes, from governments to enterprises.
As we progress in 2021, cyberattacks continue to escalate in both sophistication and number. And tragically, whether intentional or not, these incidents also affect critical services such as hospitals and other healthcare facilities.


A Lightweight Security Scheme (LSS) for Wireless Node Communication for Border Surveillance System

The physical breach across the borders is a very common issue these days among nations sharing boundaries. It is controlled via a proper border surveillance system. The border surveillance system is trivially a physical border intrusion detection system in which CCTV cameras are used traditionally to observe manually the presence of some intruder. Instead, we utilize Raspberry Pi controller board-based wireless sensor nodes fitted with a Raspberry Pi camera for identifying the intruder.


Time Lag-Based Modelling for Software Vulnerability Exploitation Process

With the increase in the discovery of vulnerabilities, the expected exploits occurring in various software platforms have shown increased growth with respect to time. Only after being discovered might the potential vulnerabilities be exploited. There exists a finite time lag in the exploitation process: from the moment the hackers get information about the discovery of a vulnerability to the time required for the final exploitation.


4 Steps to Creating Effective Post-Pandemic Data Security

Even before the COVID-19 pandemic, enterprise organisations faced seismic shifts in how they meet data privacy and security requirements. Whether due to mandated regulatory controls, ever-evolving digital transformation projects, or changing market conditions, keeping up with data security was like hitting a fast-moving target.
Despite their adaptability to staffers working remotely, however, many organisations remain wedded to outdated security protocols that don’t reflect this new work-from-home reality. If your organisation hasn’t changed data security priorities to keep up with the rapid shift to remote work environments, you may struggle to ensure that remote-work employees are secured and empowered to work from anywhere.
