Device Authority Adds Key Features to KeyScaler for IoT Security
KeyScaler is Device Authority’s flagship integrated IoT security platform that combines secure device registration and provisioning, credential management and end to end policy-driven encryption. This enables organizations to manage the security of the IoT ecosystems both at scale and through periods of rapid growth.
Version 5.5 introduces unique Automated Password Management (APM) technology to tackle the real-world challenges organisations are facing today with cyber attacks involving connected devices. In 2016, 63% of data breach incidents were related to weak credentials, and recent large scale attacks Mirai and BrickerBot used weak credentials as their exploit vector. Notably, the video surveillance market has experienced the consequences with cameras being compromised. KeyScaler’s APM reduces the headache and removes the associated human risks of manually updating credentials on hundreds or thousands of IoT devices. (Read More)
The NSA’s Inadvertent Role in the Major Cyberattack on Ukraine
The mayhem was committed by a group called the Shadow Brokers, which in April announced that it had acquired the NSA tool (known as Eternal Blue) and published its exploit code online for any and all hackers to copy. In May, some entity—widely believed to be North Koreans—used the the exploit code to develop some malware, which became known as WannaCry, and launched a massive ransomware attack, which shut down 200,000 computers, including those of many hospitals and other critical facilities.
Then on June 27 came this latest attack, which was launched by the Shadow Brokers themselves. This struck some security analysts as odd, for two reasons. First, the Shadow Brokers are believed to be members of—or criminal hackers affiliated with—a Russian intelligence agency, and Russians tend not to hack for mere cash. Second, the attack was slipshod: The ransoms were to be paid to a single email address, which security experts shut down in short order. If the Russians had decided to indulge in this mischief for money, it was a shock that they did it so poorly.
Now, however, several cybersecurity analysts are convinced that the ransomware was a brief ploy to distract attention from a devastating cyberattack on the infrastructure of Ukraine, through a prominent but vulnerable financial server. (Read More)
How to turn Cybersecurity into a Business Asset
What they don’t do is adopt an imprecise, one-size-fits-all approach to cybersecurity that fails to properly mitigate the risks it claims to address, like that imposed by the Investigatory Powers Act (IPA) and the recent calls by Amber Rudd to outlaw strong encryption. These high-cost, outdated sledgehammers that claim to regulate and improve surveillance capabilities not only fail to improve security, they erode the privacy and security of innocent citizens and businesses.
Organizations that want to turn cybersecurity into a business asset can learn from the failings of successive Government attempts to successfully legislate against cybersecurity risks. As I see it, there are four key pillars of effective cybersecurity strategy that enables a business to operate securely and successfully.(Read More)