Archive for July, 2020

5G & Data Security

PDF Version: 5G-and-Data-Security

, , ,

No Comments

Impact Of ‘Digital Tartar’ On Business Wellbeing

As the amount of data being created and shared is increasing, it has given rise to the problem of ‘Digital Tartar’.

What Is ‘Digital Tartar’?

It is the process of accumulation of sensitive data in the nooks and crannies of file shares. The accumulated data clogs up the systems, leading to increased risks such as operational inefficiencies, added expenses, and damage to brand reputation.

In order to understand the impact of ‘Digital Tartar’ on businesses, it is first important to understand what gives rise to the accumulated data. Major blame lies in bad data hygiene. A prediction states that in 2020, about 1.7 MB of new information will be created every second per human being on the planet. However, 0.5% of all data is analyzed and used, increasing the risk of ‘Digital Tartar’.

Impact of ‘Digital Tartar’ On Business Wellbeing:

Excessive data build-up has major consequences for businesses.

  • Higher the amount of data an organization stores, higher is the cost spent on storing it.
  • Storing an excessive amount of sensitive data increases the inherent risk of data exposure.
  • Having large data accumulation increases the risk of loopholes, which makes the system more susceptible to cyber-attacks.
  • Data breach can result in reputational damage leading to a loss in public trust.
  • Increased data build-up leads to slower systems and decreased operational efficiency.
  • Data accumulation reduces the transparency within the organization and can lead to wrong decision-making.
  • Clearing out excessive data and ensuring that the leftover data is accurate leads to higher operational costs.

This gives rise to the need for businesses to regularly consider the type of data being collected and if it is worth storing.

How To Combat The Problem Of ‘Digital Tartar’?

  • Increasing awareness about digital hygiene and its consequences among every team inside an organization can help in creating a healthy data environment.
  • Formulating policies to collect essential data only and conducting regular clean-ups of the system can help in avoiding data build-up.
  • Businesses need to reconsider how they store the data and if the process is in compliance with GDPR regulations.
  • The organizations need to continuously evolve the processes and regulations to meet the changing cyber security requirements.
  • Undertaking proper ‘Digital Flossing’ can help in reducing the build-up of ‘Digital Tartar’. It includes steps such as documentation of the de-cluttering process, annual auditing by an external consultant, etc.

For more information on impacts of ‘Digital Tartar’ on business wellbeing, contact Centex Technologies at (254) 213 – 4740.

, , ,

No Comments

How Are Attackers Targeting Organizations With Steganographic Techniques?

Steganography is the act of hiding secret information within an ordinary, non-secret file or message to avoid detection. The main strengths of steganography are its capacity to keep a message as secret as possible and hide a large amount of data. Cyber attackers are exploiting these strengths to target organizations by launching sophisticated attacks.

Cyber attacks employ steganography to embed malicious code in seemingly benign content to bypass an organization’s cyber security. The basic layout of a cyber attack using steganography is based on four concepts.

  • Social Engineering: When the user opens the compromised document, the malware code instructs the victim to enable content in the document.
  • Network Security Monitoring Evasion: Once the content is enabled, the document runs a PowerShell script to download a file with embedded malware. The file may be as simple as a popular image, a wallpaper, etc. and is stored on a remote server.
  • Manual Analysis Evasion: The attackers make use of obfuscated VB macros to decode the malicious content hidden within the pixels of these images and install the malware.
  • Persistence: The malware is designed to register scheduled tasks to enable the script to survive system reboots.

What Is PowerShell?

Microsoft introduced it as a scripting language and command line. It is now open-source and cross-platform enabling developers to use multiple languages and libraries for building applications for mobile, gaming, desktop, and IoT solutions. It is popular among cyber criminals for launching steganography attacks because:

  • It’s easy-to-use and versatile, providing access to all major OS functions.
  • It is used and trusted by many administrators, allowing PowerShell malware to blend in with benign activity on the network.

What Type Of Information Hidden Is Via Steganography By Cyber Criminals?

Cyber criminals can use the information hiding at different stages of a cyber attack depending upon the kind of information hidden.

  • Identities: Anonymization techniques are used to hide the identities of communicating parties.
  • Communication: Steganography is used to hide the fact that a conversation is taking place. It conceals the data packet flow by using traffic-type obfuscation methods.
  • Content: Cyber criminals may hide the content of data but not the transmission or presence of data itself.
  • Code: The structure of executable malicious code is hidden by binary code obfuscation and masquerading techniques.

With an increase in the number of sophisticated cyber-attacks using Steganographic techniques, the organizations are required to update their cyber security measures.

For more information on the use of steganography in cyber attacks, contact Centex Technologies at (254) 213 – 4740.

, , , ,

No Comments

Switching To An Encrypted Communication App

Encryption is the process of encoding information for preventing anyone other than the intended recipient from viewing it. It uses an algorithm known as a cipher to convert the information into a code that appears like random characters or symbols. This renders the information unreadable to anyone who does not have the decryption key. Same concept is applied to an encrypted communication app.

What Is An Encrypted Communication App?

An end-to-end encrypted communication app secures the messages being sent and makes sure the information is visible only to the end users – the sender and receiver.

Why Is It Important To Switch To An Encrypted Communication App?

As privacy has become an important consideration for organizations and individuals alike, securing the communications has gained leverage. Common reasons behind a leaked communication are:

  • Monitoring of communications by the app providers
  • Security breach by hackers/cyber criminals

A leaked communication text may cause damage to personal/organizational reputation by exposing personal/trade secrets. Additionally, communications may include the exchange of media files such as personal photos, videos, etc. Breach of these files may cause a serious threat to the parties involved.

How To Choose An Encrypted Communication App?

While it has been established that now is the time to switch to an encrypted communication app, a major question is how to choose a suitable app from the large pool of available communication apps.

In order to choose a suitable encrypted communication app, it is important to consider following points:

  • Encrypted Metadata: In the context of messaging, metadata includes information such as the sender’s phone number, recipient’s phone number, date and time of the message. This information may seem trivial, but it can be used to map with whom and when the individual communicates. So, choose a communication app that encrypts the metadata along with the body of the message.
  • In-App Encryption: Some communication apps do encrypt the messages being shared over the network but do not encrypt the messages stored on the device. This may cause a threat in case the device is stolen. Thus, it is important to confirm that all the messages are encrypted before being stored on the device prior to choosing a communication app.
  • Online Backups: It is a common practice to back up the communications on cloud (Google Drive, etc.) to combat situations like failed/stolen devices. However, in this case, the messages are protected by a single layer of security (mostly a password). So, consider a communication app that offers an alternate solution to secure the backup.
  • Security Analysis: In the case of closed source communication apps, it is practically impossible to review the code and see how well the encryption has been integrated. So, it is advisable to choose an open-source communication app that allows analysis of the security measures enforced by the app.
  • Security Settings: Choose a communication app that has security-focused settings such as ‘Self-destructing messages’ that disappear after a pre-selected time, ‘Screen Security’ that prevents anyone from taking a screenshot of the conversation, etc.

For more information on encrypted communication apps, contact Centex Technologies at (254) 213 – 4740.

, , ,

No Comments