
Take these 6 security measures to protect your IoT devices from hackers

BI Intelligence estimates that by 2020 there will be more than 23 billion IoT devices connected to the internet. One of the biggest challenges in connecting so many devices will be in securing them to prevent hackers from controlling them or using them to infiltrate networks and databases. Many low-power IoT devices don’t have the computing power to run antivirus software like a computer.

A recent blog post on EETimes discussed six measures that can be used to protect IoT devices from hackers:

Use a Trusted Platform Module (TPM) for authentication. A TPM is a dedicated microprocessor that integrates cryptographic keys into devices to uniquely identify and authenticate them. Each device then has its own identifier that is encrypted by the keys. This will prevent hackers from hacking and impersonating a device to gain access to home, enterprise, or government networks.

Use the Trusted Network Connect (TNC) standards to check for malicious software or firmware. The TNC standards offer a way to check devices for malicious software or firmware whenever they try to access networks or other devices. This would help prevent hackers from using hacked devices to upload spyware or other malicious software to networks or other devices.

Isolate and remediate infected devices with security software and protocols. If a device is infected with malware or other malicious programs, it needs to be quarantined. The IF-PEP protocol can isolate an infected machine from other devices and networks. There are numerous solutions from security software vendors for clearing the device of the infection once it’s isolated.

Layered security can limit the damage a hacker can do once a device is hacked. A Mandatory Access Control system limits access to certain functions or files on a device for a given user. This acts as a choke point that can prevent hackers from gaining sensitive information through the hacked device.

Data encryption is a must. This should go without saying, but data needs to be encrypted when stored on a device or in transit. The post recommended using a read-only mechanism to obstruct hackers’ efforts to tamper with data on a device.

Secure legacy systems through industrial control systems. To reach their full potential, IoT devices and systems have to be integrated with legacy machines or appliances that were never built to be connected or secured against hacking. Industrial Control Systems can segment that legacy hardware from other systems and secure communications between them with encryption. This, for instance, could prevent a hacker who has infiltrated the network of a connected factory from then taking control of the machinery on the assembly line.

BI Intelligence estimates that spending on security for IoT devices and systems will increase five-fold from 2015 to 2019.

Source: https://in.finance.yahoo.com/news/6-security-measures-protect-iot-210500344.html

Cyber crimes in India likely to double to 3 lakh in 2015: Report

NEW DELHI: Rising at an alarming rate, the number of cyber crimes in the country may double to 3 lakh in 2015 and could pose serious economic and national security challenges, an Assocham-Mahindra SSG study has warned.

The increasing use of smartphones and tablets for online banking and other financial transactions has increased risks.

India has emerged as a favourite among cybercriminals, mostly hackers and other malicious users who use the internet to commit crimes such as identity theft, spamming, phishing and other types of fraud.

As per the study’s findings, the total number of cyber crimes registered during 2011, 2012, 2013 and 2014 stood at 13,301, 22,060, 71,780 and 1,49,254 respectively.

“What is causing even more concern is that the origin of these crimes is widely based abroad in countries like China, Pakistan, Bangladesh and Algeria, among others,” Assocham Secretary General DS Rawat said.

Phishing attacks on online banking accounts or cloning of ATM/debit cards are common occurrences. The maximum number of offenders belong to the 18-30 age group, the report added.

With the increasing use of information technology (IT) enabled services such as e-governance, online business and electronic transactions, protection of personal and sensitive data has assumed paramount importance.

“The economic growth of any nation and its security whether internal or external and competitiveness depends on how well is its cyberspace secured and protected,” said Rawat.

The attacks have mostly originated from the cyber space of countries including the US, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE, the study revealed.

Smartphone users rarely check for security certificates while downloading apps (games, music and other software) from third-party or unsecured sites, the study said, adding that mobile banking apps store data such as PIN and account number on the phone.

There is a risk that if the phone is hacked or stolen, then the information is compromised, the study said.

It further stated that mobile frauds are an area of concern for companies as 35-40 per cent of financial transactions are done via mobile devices and this number is expected to grow to 55-60 per cent by 2015.

Rising Internet penetration and online banking have made India a favourite among cybercriminals, who target online financial transactions using malicious software (malware). India ranks third after Japan and US in the list of countries most affected by online banking malware during 2014, the study said.

Andhra Pradesh, Karnataka and Maharashtra have seen the highest number of cyber crimes registered under the new IT Act in India. Interestingly, these three states together contribute more than 70 per cent to India’s revenue from IT and IT related industries.

8 Best Practices for Tightening Internal Data Security

Just how safe is your company data? According to the IBM Cyber Security Intelligence Index, U.S. businesses experienced over 1.5 million monitored cyber attacks in 2013 alone. Sensitive information regarding your internal operations, your customers and your employees is at risk if your organization does not take proper measures to secure its data. Take a look at these eight crucial security reminders for business leaders to keep in mind.

1. Password Character Requirements. There’s a reason why so many web-based consumer services require complex passwords. Unauthorized users are less likely to guess passwords when employees use a blend of phrases, upper and lower case letters, numbers, and punctuation. Work with your IT department to configure the password requirements for your employees.

2. Password rotation. Passwords that go stagnant are a liability for companies. For example, former employees might still be able to gain access to confidential information after they leave the company, if teams use the same outdated group email. Schedule password rotations every few months so that every user must update accounts with new passwords.

3. Session time out. This setting prevents a user’s account from remaining signed into a system after a certain period of time. For example, if a cashier leaves their point of sale terminal, their session should automatically expire after a delay so that no unauthorized users can attempt to operate the point of sale.

4. No outside hardware. No employee should be allowed to use external hardware in the office, such as storage devices or other peripherals, unless cleared by your company’s IT department. External devices can contain spyware or viruses that pose a significant risk to your computers and network. Additionally, this restriction reduces the risk of employees stealing internal data.

5. Installation restrictions. Employees should not be able to install unauthorized software on work computers or mobile devices, since unchecked installations can lead to malware infections. For example, a graphic designer might decide to download a freeware utility to complete a project. While they are well intentioned, this employee might accidentally install a trojan on their work computer.

6. Managed mobile devices. Mobile device management (MDM) software allows you to enroll in-house and BYOD technology in a system that deploys security configuration settings, company data and content over the air. This is an excellent way to enforce remote security restrictions, such as password updates or app restrictions. Once an employee leaves a company, company-related data can be quickly wiped from their device remotely.

7. Backup encryption. Copies of your company data can also be a weak point, if unauthorized users are able to view and edit these files. Work with your IT department to create redundant and encrypted backups of your business-critical data.

8. Remote wipe. Mobile device solutions like Android Device Manager and iCloud allow you to remotely wipe device data if your smartphone or tablet is lost or stolen. This will quell your fears about confidential data leaks, in case you forget your phone at a restaurant. Many of these remote security systems also help you track and lock your devices, so that you can attempt to recover your technology before erasing it.

Anyone, from the newest intern to C-level executives, can become a target of digital crime. Train your employees to observe data security best practices. Taking proactive measures will help your business stay ahead of threats.