As the world anticipates quantum computing, many believe it has potential benefits for every industry. Equally excited and awaiting its rollout is the hacker community who could use these powerful quantum computers to compromise the digital systems we use daily including online banking and email software

The US Cybersecurity and Infrastructure Security Agency (CISA) has already warned that organizations need to take action to protect network infrastructure for the transition to post-quantum cryptography.

Many governments believe that quantum computers can be used to break public-key encryption methods that countless networks use today. A fully-functioning and stable high-qubit quantum machine could potentially wreak havoc across the internet. It will lead to the vulnerability of secure networks and loss of public confidence in major institutions and businesses

The good news is that these governments are developing post-quantum encryption schemes. For instance, the US National Institute of Standards and Technology (NIST) has been running multi-year effort since 2016 calling upon cryptographers around the world to devise quantum-resistant encryption methods. It aims to standardize one or more quantum-resistant cryptographic schemes to foster a transition to seamless security for the general public.

What is Quantum Computing?

Quantum Computing focuses on the development of computer-based technology hinged on the principles of a quantum theory. Experts believe the present experimental quantum computers can render the conventional system obsolete. Its benefits include advanced research, higher-level simulation, and accelerated growth of artificial intelligence models.

Is Quantum Computing a Risk?

Despite these promising benefits, there are concerns about some negative implications which include ethical and security risks for businesses, quantum attacks from hostile nation-states, and exacerbating current issues like data harvesting.

CISA’s Stance on Quantum Threats

CISA asserts that critical infrastructure is more at risk largely due to the public-key cryptography that U.S. networks rely on to secure sensitive data.

CISA provides insight to all critical infrastructure owners to have a successful transition in their Post-Quantum Cryptography Roadmap. The roadmap stipulates the following measures:

• Taking actionable steps like inventory assessments of current cryptography technologies.
• Developing acquisition policies for post-quantum cryptography.
• Training staff about the upcoming transition from conventional to quantum computers is necessary.
• Increasing engagement with standards developments relating to necessary algorithms and dependent protocol changes.
• Managing inventory assessments and the security of critical datasets for an extended time.
• Organizations must identify systems where public key cryptography is used and mark these systems as quantum vulnerable.

Preparing Organizations for the Quantum Threat to Cryptography

Many believe the time to worry about quantum computers threats is in a decade — but it’s sooner than we think. The process of adopting new standards usually takes years so it is crucial to begin planning for quantum-resistant cryptography now.

Organizations need to make arrangements and budget for a transition plan. This should include upgrading IT systems and deploying standardized quantum-resistant cryptography. They also need to be aware of how vendors plan to upgrade software and hardware. The preparation process should include software upgrades, and system patch delivery to systems using cryptography. They should also ensure the security of these upgrades and authenticate the source.

Moreover, organizations need to take advantage of agencies promoting awareness of quantum computers’ impact on cryptography. These agencies also provide steps to prepare for the transition to quantum-resistant cryptography when it comes.

The agencies partner with others to evaluate the next generation of quantum-resistant cryptography. The aim is to replace current cryptographic applications.

The Challenges With the Quantum Resistance Ahead

New technologies come with new opportunities and new risks — and quantum computers are no exception.

Building a large-scale quantum computer already has several challenges – fabrication, verification, and architecture. The technology derives its power from the ability to store a complex state in a single bit. Unfortunately, this also rather complicates the process of building, designing, and verifying. The verification issue is a cause of concern since it affects communication mechanisms, control circuitry for quantum operations, and more. Moreover, there’s no telling if it impacts the security of data within the technology itself.

Code breaking is another area of focus. An easy way to break codes in conventional computers is to try all possible keys. However, it is a much longer and difficult process. Quantum computing uses Grover’s algorithm to speed up this process. Another method called Shor’s algorithm is capable of breaking or weakening cryptographic algorithms within hours.

The potential for harm from quantum threats here becomes huge. Once encryption methods get broken, trust in data transmission becomes low. Cybercriminals will find it easy to create bogus certificates that call for the validity of a digital identity.

The technology’s effect would render communications as insecure as if encoding didn’t even exist. While there are a lot of worries about quantum computing, these fears remain hypothetical. Today’s quantum computing cannot break any commonly used encryption methods. However, concern for the vital security of our global network infrastructure and data drives the immense effort to counter a potential future of quantum threats.

Passwordless authentication appears to be the new belle of the ball amongst tech experts. Of course, the reasons all bother on the general challenges experienced by security companies and businesses.

The security and tech world continue to advance in scope and sphere – through developing efforts to improve existing structure. These changes are prompted by the ongoing surge in security breaches in which no industry is spared.

Security issues surrounding weak passwords serve as a driving factor for these breaches — and a nightmare for IT departments. As secure as some might believe them to be,, passwords remain the weakest link in today’s workplace security network. Stolen credentials are costly to resolve and come with many negative impacts.

As organizations rethink the future of the workspace, passwordless authentication seems to be a way out.

What is Passwordless Authentication?

Passwordless authentication is any method that eliminates the reliance on passwords to provide a a smoother user experience, stronger security posture, and reduced costs.

Passwordless authentication uses methods of identity proof to replace the use of passwords, passphrases, and other shared secrets. The replacements take OTPs as an alternate means. Authenticator apps, biometrics, hardware, and software tokens make up other forms.

Businesses encourage the adoption of passwordless authentication because it removes all vulnerabilities associated with secret-based passwords. But, there’s a constraint – the market is not fully ready for its adoption. Business enterprises struggle to cover the various use cases with a single solution.

Challenges of Password Authentication

Security Limitations

Passwordless authentication is not entirely foolproof, although it’s better than a password. Hackers can use malware to intercept one-time passwords. They also insert trojans into a browser to gain access.

Costs of Deployment

The implementation of passwordless authentication requires high costs. It comes with new software, hardware, trained employees, and more. Passwordless authentication also entails a change in management plans and projects.

The deployment also comes with hardware installations and the purchase of gadgets. In addition, the choice of software comes with hidden costs, software administration, maintenance, and migration.

Passwordless Authentication Methods

Biometric Authentication

It is a method that requires using biological characteristics such as facial features and fingerprints. This authentication method allows users to instantly log into their devices .

One-Time Passcodes (OTP)/PIN

The OTP is a method that puts the responsibility of generating dynamic codes on the service provider. As a result, it eliminates having to remember passwords or downloading apps.

Foremost in this category is the time-based one-time password (TOTP). The TOTP is a transient method and must be in sync with the time zone. It works with algorithms that generate passwords on a server and client whenever there’s system authentication. A major drawback is that a user may mistakenly tap multiple times to generate a token. When this happens, they have to restart the process.

Push Notifications Authentication

Push notifications work with an installed app on the user’s phone. The user receives a notification on a registered device containing the logins date, time, and location that allows them to accept or deny access.

Magic Links Login Authentication

Magic links require a user to enter an email address into the login box. An email is then sent with a link that requires clicking to log in. A user receives this magical link to ensure safety whenever there’s a login.

The Benefits of Passwordless Authentication

Reduced Costs

Password management and storage require a lot of resources. Resetting passwords and frequently changing password storage laws are also costly. Passwordless authentication helps to remove long-term costs.

Stronger Cybersecurity Posture

Passwords no longer provide a stalwart defense as many people repeat them multiple times.

Once a password gets breached, leaked, or stolen, it’s much easier for s hacker to gain access to your other applications. This allows malicious actors to then commit financial fraud or sell trade secrets to rival companies. Passwordless authentication takes care of these challenges by offering protection against the most prevalent cyberattacks.

Better User Experience and Greater Productivity

Users often have to generate and memorize multiple passwords, and because of this they sometimes forget them, forcing the task of then resetting them. For this reason, users use simple and uncomplicated passwords, Often using the same ones for numerous applications, with an addition of an extra character. The challenge here is that hackers find it easy to access these accounts.

Passwordless authentication eliminates these challenges, as users do not have to create or memorize their passwords. Instead, they only authenticate using emails, phones, or biometrics.

Scalability

Passwordless solutions work with technology and factors that end users already possess. Therefore, it becomes easier for mobile devices and laptops to infuse the various methods. Some passwordless authentication easily integrated includes biometrics and authenticator apps, Windows Hello, and fingerprints.

Top 10 Use Cases of Passwordless Authentication

Passwordless authentication can apply to a variety of use cases including:

• Customer payments authentication
• Remote logins
• Logins for financial services
• Call center authentication
• Personal logins
• Customer balance access
• Record access
• Mobile banking
• Wire transfers
• Push notifications

Changing the Security Paradigm: The Big Step

Businesses that integrate passwordless authentication have a strong concern for security. Organizations now realize that many security breaches result from the use of passwords. For them, the one-time cost of implementing passwordless authentication is more rewarding.

While it’s true that passwords are still quite common, the security risks are enough reason to make a switch. With the technology quickly gaining traction, there’s no better time to integrate passwordless authentication.

Indeed, passwordless authentication is the next digital breakthrough that offers key advantages over the traditional password including:

• It helps to lower costs while also increasing revenue. Customers tend to gravitate towards such products and services that provide trust and security.
• Providing a smooth user experience is preferrable to any customer.
• The presence of the technology and its adoption is a vital element for trusted security.

Nonetheless, passwordless authentication remains in its early stages. While many businesses have yet to adopt the technology, there’s a strong sentiment that its adoption will help change the face of security in the near-term.

A Software-Defined Wide Area Network (SD-WAN) enables organizations to rely on a combination of transport services. The increasing use of SD-WAN for connecting enterprise networks improves productivity, reduces cost, and increases application performance.  

It is a feature-packed technology that centralizes security, management, networking, and more. Consequently, organizations with cloud solutions view SD-WAN as an infrastructure upgrade to operations. 

Wrong Approaches

A frequent occurrence with businesses is the focus on individual technical elements. Unfortunately, many such enterprises fail to realize  the need to address end-to-end solutions. 

Selection should encompass all available approaches with the choice that best suits the company’s needs, budget, and savviness. Another aspect to  consider is the fact that IT teams often fixate on price. Unfortunately, most of them misinterpret prices, opting for cheaper options resulting in  poor network performance .  

Such 0rganizations often soon encounter issues with high latency, prolonged downtimes, less supportive service-level agreements, and more. As enticing as cost savings can appear, ensure it never poses serious risk to your network connectivity or SD-WAN designs. 

Responding to this Challenge:

• Ensure that all choices and approaches produce maximum results for the company’s network. 
• Consider platforms with built-in cloud and security vendor access for appliances. 
• Ensure to prioritize necessary performance features over novel ones. 
• Technology evolves at a rapid pace, so plan accordingly with future long-term growth in mind.

Overlooking the Quality of Service (QoS) Concept for SD-WAN

One attribute that should never get overlooked is the QoS. An equally important aspect is the quality of experience. However, SD-WAN service providers never seem to offer end-to-end prioritization. Although it provides an efficient traffic segmentation and path selection, traffic movement often gets delayed. Therefore, seeking an SD-WAN approach with ‘fail safe’ technology features is crucial. 

These options must offer superior performance to MPLS across all applications. MPLS itself comes with end-to-end QoS via six settings for service-level categories, though also with delayed traffic movement.  

Responding to this Challenge:

• Never compromise on the quality of service and quality of experience with network connectivity.  
• Be sure to purchase local site-by-site internet underlay with low-cost service that provides high QoS and QoE along with various available features.Consult with experts to get the best-customized recommendations. 

SD-WAN Security Requirements

Some SD-WAN technology lacks security capabilities. Unfortunately, these security lapses often open the door to cyber threats. 

 For instance, there’s usually an edge security change with SD-WAN features such as virtual private network (VPN) deployment. In other scenarios, data get transferred with every migration to cloud solutions. Therefore, deploying hardware and virtualized instances with accessed security policies still comes with risks. 

 Responding to this Challenge 

• Organizations should take time to research all vendor claims and ensure all security functions meet  company criteria. 
• Strategize the integration of cyber security and networking solutions instead of separating the two. 
• Make it a habit to add new layers of security systems where and when necessary. 
• Try integrating existing security with SD-WAN solutions. 

SD-WAN Management Issues

Today’s SD-WAN solutions help to blur the lines between DIY and the type of management structure in place. Organizations never get to pick the management level traditionally. One of the drawbacks of the SD-WAN model is that it breaks most businesses’ existing centralized security inspections.  

Organizations often build hub network architectures designed around the consolidation of data streams. The idea is to backhaul traffic through a centralized channel into data centers. Firewalls are used to create  single security inspection points  so that packets get examined before making it into the data center. The presence of an SD-WAN architecture makes this method ineffective. 

By default, SD-WAN solutions lack integrated security that allows routing all traffic through a full security stack for inspection. There’s also the task of threat prevention before proceeding to its destination. 

 With SD-WAN,  lots of traffic moves outside the data center perimeter. As such, connections to the cloud from external sources like remote workers never go through the traditional inspection process. 

The outcome for organizations is a forced decision. They have the choice of forgoing the benefits of SD-WAN by backhauling traffic to the data center for inspection, or simply not securing traffic on the WAN at all. 

Responding to this Challenge:

• Give the required training to the IT team and staff members  
• Get dedicated staff that can oversee the end-to-end SD-WAN implementation 
• Infuse post-implementation monitoring and management into the company’s activity. 

Cloud Connectivity Requirements

When it comes to selecting SD-WAN projects, vendors and the IT team require cloud connectivity to either AWS, Google, or Microsoft Azure. Therefore, SD-WAN vendors typically belong to one of three categories based on their cloud access capabilities. 

• Native Cloud Access: This category includes built-in access to the vendor’s SD-WAN architecture . It involves using the cloud’s backbone infrastructure for connecting to branch office sites. For vendors that adopt the cloud as a global backbone, this is an everyday occurrence. However, this option is better for connecting to  local cloud data centers since the deployment of cloud gateway architecture is a unique system. 
• Vendor Access Provision: This category entails vendors delivering SD-WAN appliances to a cloud environment through public gateways or private backbones. Such an option comes with more flexibility regarding  vendor features. Public gateways and private backbones route traffic more efficiently than the Internet. 
•  Customer Access Provision: Here the customer is responsible for deploying the appliances in the local cloud-based data center with this option. This option offers cloud access in a more ad hoc and  simplified architecture. 

Responding to this Challenge:

• Normalize analyzing deployment needs and internal application performance. 
• After implementation, monitor application performance. It ensures that the business takes timely actions and prevents any form of disruption. 
• It’s crucial to decide the bandwidth requirements and latency policies in a multi-cloud environment. An excellent way to achieve this is by evaluating service dependency on several micro-service segments.

These shortcomings aside, SD-WAN offers numerous benefits for organizations  looking to optimize and transform their corporate networks.

Cisco recently confirmed they were the victim of a data breach in which hackers were able to steal 2.8 GB of data. Although these breaches are nothing new (SolarWinds, Credit Suisse, Twitter, the list goes on…) the Cisco breach is especially concerning because many organizations rely on Cisco products to keep their networks safe.   

The Cisco Hack: What Happened?

The threat actors behind the Cisco hack were able to successfully compromise an employee’s personal Google account.  Since the employee had enabled password syncing via Chrome and had saved their Cisco credentials in their work browser, once the account was compromised the hackers had the first bit of information they needed to break in.   

MFA Fatigue & Vishing

Of course, Cisco has MFA (multi-factor authentication) set up for VPN access, so the hackers then used a combination of MFA Fatigue and Vishing (Voice Phishing) attacks to get the employee to accept a push notification. MFA Fatigue is when they spam your device with Push requests to allow access; if you’ve ever accidentally clicked “OK” when you meant to click “Cancel” you know how easy it can be to get it wrong and it only takes once. And if you didn’t know beforehand this was a method hackers use to get break into a VPN….you might just assume it was a glitch, press OK and move on. 

 Vishing is when someone calls you and pretends to be from a legitimate business entity to get you to give up personal and/or financial details. Your first thought is likely to be “I would never fall for that” but these bad actors have plenty of information stored on you to convince you that they’re really calling from where they say they are. Such tactics often include number spoofing to impersonate your bank or corporate office, to confirm details like your credit card number and the last four digits of your SSN.  Everyone has a story of a “near miss” when they almost clicked on a suspicious link or answered some questions they shouldn’t – it only takes one moment of being too trusting.     

And Then…

From there the hackers went on a whirlwind tour of expanding the systems they could access until they reached a domain controller, downloading all the user data, enrolling other devices for VPN access, creating a new user just called “Z” and adding them to the local administrators group, and installing other hacking and access tools like TeamViewer, LogMeIn, Cobalt Strike, and more.  

There is an excellent, detailed write-up here for those interested in a deep dive.   

Could a NAC Have Stopped the Cisco Hack?

Is there a tool that could have prevented the Cisco hack from happening?  If you had a robust NAC solution like Portnox NAC-as-a-Service, would you be safe from this kind of attack?  The answer is absolutely, without a doubt…maybe. 

ZTNA (Zero-Trust Network Access) is a term that gets thrown around a lot, but this is a perfect example of why it’s so important. It boils down to this: your network should never trust that you are who you say you are. Many people think of VPNs as totally safe, and you’ve probably rolled your eyes a time or two when you had to go through the extra MFA step, but when it comes down to it, you don’t want trust just any device accessing your network, even if the user account is valid (because as we know from the Cisco example, sometimes it simply isn’t.) 

So, the best way to prevent a compromised account from accessing your network is to make sure access is limited to only people AND devices you trust. 

Without a VPN, this is easy – you can use the MAC address of the device to verify it and block anything that is using an unknown MAC even if the user credentials are valid. When you introduce a VPN, though, it becomes a little trickier, because VPNs use a ‘virtual’ network interface with a completely made-up MAC address. 

The best way to accomplish true ZTNA is via user account and certificate validation.  Certificate-based authentication is the use of a digital certificate to identify a device before granting access to a network resource (versus granting access to any device when a user account is valid.)  Certificates are stored on a specific device, signed by a trusted root certificate authority, and are only good for a set amount of time. Your NAC checks for the certificate to be valid and properly signed when you try to log in, thus verifying both the user account and device.  While certificate-based authentication is certainly not new, it is gaining popularity due to closing the gaps left by purely password-based authentication. 

There is also a possibility of using ComputerName as a RADIUS Attribute, but the device needs to support additional RADIUS attributes and not all of them do.  If your network is comprised of hardware from several different vendors, certificates are the way to go when you need your solution to be truly vendor agnostic.   

Users are always the biggest threat to network security, and at the end of the day most of our tools are designed to save us from the people who also need access to internal resources to keep us running.   

 

A data breach is something every individual and organization needs to avoid. Unfortunately, it has become all too common in today’s online world. One major way that personal information becomes compromised is through identity theft. It’s better not to imagine the extent of damage that goes along with that.

In this highly-connected world, cybersecurity is continuously increasing in scope and size.

For one, consumers want to conduct business with enterprises capable of keeping hackers away. As a result, it becomes necessary to put a response plan against data breaches. The question, therefore, is how do you prevent or respond to a data breach?

What is a Data Breach?

A data breach occurs when an organization suffers a security incident that affects the confidentiality, availability, or integrity of its data. Consequently, the rights and freedoms of individuals become compromised.

Data breaches strike every industry, sector, and individual. For individuals, the cost is often personal financial damage to investment funds, salaries, or savings. On the other hand, corporations often spend hundreds of thousands or millions in dollars to repair systems, improve defense, and more.

How Do Data Breaches Happen?

Compromised credentials are the most common method cyber attackers use to enter a database. The approach accounts for 20% of data breaches.

Most affected credentials include passwords and usernames obtained through a different security incident. Various attack methods come into play in these data breaches including brute-force attacks, megacart attacks, phishing and more. Also, a breach could result from an insider, negligence, and business email compromise (BEC).

For an inside threat, the attackers first conduct surveillance, then map out a network for the most valuable resources, before targeting a potential pathway to infiltrate the systems.

Financial motivations are the reason for most inside attacks. Some employees jump at it when they get tempting offers to make extra money. The outcome is your information changing hands.

Types of Data Breaches

A data breach is also great at ruining a brand and not just your revenue. For individual to remain safe, a knowledge of the common types of breaches is a must. You also need to know how it affects you. So, here is a list.

• Malware or Virus: The goal of this threat is to wipe information from a computer. For companies that heavily rely on data, this is always a heavy blow.
• Password Guessing: Stolen passwords all to often result in extreme damage. Passwords are typically hacked due to their simplicity and being easily guessable. Prime examples of this include Passwords derived from people’s names, pet names, or birthdays.
• Ransomware: As the name suggests, this occurs when you pay a ransom to regain access to your phone or computer.
• Phishing: Phishing involves the mirroring of a website with a fake duplicate that can highly resemble the original. When you unknowingly log into the site, the attackers steal your password to conduct their criminal activities.

How to Detect a Data Breach

As data breaches become inevitable, detection is becoming an increasingly important initiative. At this rate, cybersecurity has become an essential investment for individuals and organizations. We all need to understand who is vulnerable to data breaches and how to detect and respond to them.

Data breach detection is not always easy. It often involves an intelligent Data Security Platform, especially in the case of large companies. Their tools help to provide speed and precision when mitigating damages.

Nevertheless, there are always warning signs that indicate when your system has experienced a data breach. Here are red flags you need to the investigate:

• Sudden user account lockouts or password changes.
• Strange user activity such as logging in at irregular times from unknown locations.
• Unusual pop-ups, redirections, or changes to browser configuration.
• Unusual activity on network ports
• Strange messages from you by email or social media
• Strange configuration changes without an approval

Effects of Data Breaches

Irrespective of the size, a data breach can destroy a business. For example, 60% of small businesses often shut down within six months after an attack. These occurrences can stem from multiple factors including:

• Poisoned Corporate Brand: Data breaches have a way of tainting a business reputation –the effects of which can linger long after the incident.
• Loss of Sales: Reputational damage can lead to a loss of customers and sharp drops in revenue due to drops in customer trust.
• Loss of Intellectual Property: Intellectual property constitutes over 80 percent of a company’s value today. Losing intellectual property can threaten the future of the company and also leaves it vulnerable. In some instances, some competing businesses will even take advantage of stolen information for their own gain.

How to Develop a Data Breach Response Plan

Have an Incident Response Checklist
Having an incident response checklist for data breaches can provide guidance for what to do during breach scenarios. It contains an outlined task to carry out so that everyone knows what exactly to do. However, the checklist should be flexible to allow adjustments for evolving threats.

Be Informed about Laws and Regulations
Regular government policy changes are often a headache for SME businesses. Because of the rise in cybercrime, governments and agencies constantly change regulations on data protection. Be sure to keep tabs on these changes and adapt to new laws.

Review New Cyber Threats
Never take the news of a data breach for granted. It’s important to consistently review new security risks as these provide highly valuable insights.

Identify Data Security Platforms
In case of a security breach, contacting a forensic service provider is safe. They are highly skilled at investigating the cause and impact of an attack. It is best to have the contact for one beforehand rather than waiting for a crisis to find one.

Steps to Take After a Data Breach

1. Identify the Source and Extent of Damage
The first thing to do about any cyber attack is to identify the source. You also need to identify the type and the extent of the damage. It is a time-consuming process when operating without a prevention system.

2. Having an Intrusion Prevention System (IPS)
An IPS automatically logs the security event to you and tracks down the source and identify of the affected files when in use. You can also gain insight into the particular actions taken by the threat actor.

3. Inform your Forensic Service Provider
You need to have a structure in place for addressing security emergencies. If you have a team, have them to swing into action immediately. Remember your checklist and let them follow the procedure for resolving the issue. If it is an inside threat, revoke the account’s privileges and change the password. Should you not have an in-house team, inform your security service provider to tackle the problem.

4. Test your Security Fix
Once the issue gets resolved, implant a short-term security fix to prevent future occurrences. Don’t forget to also test any security fix to avoid attackers using the same method. Be sure to conduct the test on all computers and servers.

5. Inform Authorities and Affected Customers
Customers need to be informed about a breach of their personal data so they take personal measures to protect their identities such as canceling credit cards and setting up two-factor authentication if available. Informing customers requires three critical factors — time, information, and thoroughness. Be sure to communicate honestly and openly where necessary and provide steps of guides for them to protect themselves. In addition, contact authorities about the breach. The government and security agencies provide post-breach regulatory standards for every industry.

6. Prepare a Clean Up and Damage Control
The loss of customer confidence is another devastating effect of data breaches. They tend to be more cautious with any organization after a breach. When you fix all breach-related issues, quickly pivot and work on restoring public trust.

Final Thoughts on Data Breaches

There is no single method for responding to a data breach . Data breaches often require a case-by-case approach along with a thorough risk assessment to determine the best course of action. The extent of damage and nature of the breach will determine the precise steps needed. The response team may work with additional staff or external experts such as IT specialists/data forensics experts. While data breaches can undoubtedly be a nerve-wracking event, the first rule is always prevention, and having a sound response plan can help put the mind at ease.