
Expert Speak

Five Reasons to Keep Your Software and Devices up to Date



Next time you’re tempted to hold off on installing software updates, remember why these updates are necessary in the first place, says Phil Muncaster, guest writer at ESET.

Technology enables us to do wonderful things. The PCs and mobile devices at the center of our digital world are an indispensable part of our personal and working lives. They offer us a gateway to social media, online banking, media streaming, instant messaging, fitness tracking, and much else besides. Depending on your circumstances they may also be an essential tool for work. But they’re also permeated by software that needs to be updated if you want a secure and optimized experience.

The more software you have on these devices, the more likely it is that your use of them will be interrupted at some point by an update notification. But next time you’re thinking about hitting “decline” or “postpone”, remember why updates are necessary in the first place. As the need to keep your software up to date is also one of the core messages of this year’s edition of Cyber Security Awareness Month, this is a timely opportunity to look a little more closely at why software updates matter.

Why bother updating?
Software runs the world. There were an estimated 230 billion app downloads in 2021 alone, up by over 63% since 2016. And it’s claimed the average smartphone user has 40 separate apps installed. That’s not to mention the other devices you may be using: PCs and laptops, as well as fitness trackers and other smart technology.

All of these applications need updating, as does the underlying operating system (OS), web browser, and possibly firmware – a special type of software that hooks into device hardware. Multiply this across multiple machines and devices and those annoying update pop-ups could amount to a major productivity headache. But updates are essential for several reasons:

Updates keep you more secure
Software is written by humans. That means the underlying code is prone to human error. Sometimes these errors – known as software vulnerabilities – can be exploited by malicious hackers, who can then take advantage of these security flaws. Such attacks can start with attempts to get people to click a malicious link, open an attachment in a message or lure them to specially crafted malicious websites. The end result can be remote code execution on vulnerable systems or malware downloaded to the device, which is designed to steal login information and any personal and financial data stored in the apps or on the device/PC.

That means threats such as:

  1. Identity theft and fraud
  2. Hijacking of sensitive apps and accounts like online banking accounts
  3. Ransomware designed to extort you by encrypting the files on your machine until you pay
  4. Cryptojacking, where a hacker uses your computer to illegally mine for cryptocurrency, increasing your energy bills and running down your equipment
  5. Botnet malware that hijacks your machine and uses it to attack others

Updates fix these vulnerability problems by upgrading your operating system and other software to the latest version, which “patches” the security issue in question.

Updates will keep your friends and family safe
It goes without saying that any shared computers at home that aren’t updated could expose not just your accounts and personal and financial information to attackers, but also those of your family members or housemates. Hackers may also hijack your email, messaging, and social media accounts to send hidden malware to your contacts. So, by keeping your devices and software on the most secure version, you’ll be doing your friends and family a favor, too.

Updates will ensure you have the best-performing device
Software updates don’t just keep your device secure. They are also issued to fix any performance issues the developers may have identified. So updating could help enhance your battery life, stop apps and other programs from crashing due to glitches, improve the speed at which pages load, and add a range of other functionality designed to make the user experience better. In other words, you deserve the best, don’t you?

Updates give you the latest functionality for free
Software developers also use updates to enable new features for their users. Consider an iOS update – the latest of them had a huge range of new capabilities, from message editing and customizable lock screens to Apple Pay enhancements and even a Safety Check feature to help people in abusive relationships. Again, who wouldn’t want to be on the latest and greatest version of their software?

Updates will head off trouble with your employer
Many companies insist that their remote working employees use only corporate-owned devices, which will have their own update mechanisms. But some may allow staff to use their personal devices to connect to corporate networks and access business apps in the cloud. However, if these devices are compromised because you failed to update key software, there could be trouble.

An attacker could steal your corporate logins to access sensitive company data and systems. Or they could use the same access to infect the corporate network with malware. This could lead to a serious data breach or ransomware attack. The average cost of data breaches today stands at nearly US$4.4m per incident.

Other things to consider
To make matters easier, most devices and PCs today have automatic updates turned on by default. If for some reason yours doesn’t, a quick web search will show you how. Also, consider:

  1. Backing up regularly, in case an update breaks your machine/device and you lose any data
  2. Taking care where to download software from in the first place: only use approved app stores
  3. Adding extra security to your environment with security software for PCs and other devices, from a reputable provider

Ultimately, updates are about getting the safest, freshest, most feature-rich experience possible. That’s something every technology user should be on board with.


Biometric Authentication – A Cure for the Common Password



Written by Debra Miller, the Digital Marketing Communications Manager at HID

From 2019 through 2021, nearly 1,900 healthcare data breaches of 500 or more records have been reported to the Health and Human Services Office for Civil Rights. Those breaches exposed the sensitive and supposedly protected health information of 49.8 million individuals in 2021, an 11% increase compared to 2019. The reasons for security attacks are obvious and not so obvious.

The Root Cause of Most Healthcare Security Breaches
The human element, such as phishing, stolen credentials, and human error, causes 82% of data breaches. It is little wonder that these conditions pose critical security and financial risks to the healthcare industry.

One of the obvious reasons for security breaches is that healthcare workers log in to multiple computer systems dozens of times per shift. Consequently, healthcare workers must remember eight to 20 passwords to access patient-care applications.

Because they work under extreme time constraints and need to remember complicated, ever-changing passwords, some healthcare workers engage in risky password behaviours. For example, 51% of people reuse work passwords in their personal lives. Unfortunately, 44% of people know the risks of reusing passwords but do it anyway; and 69% of employees admit to sharing passwords with colleagues at work. These conditions lead to compromised, weak, and reused passwords, causing 81% of data breaches.

Moreover, for the past 12 years, healthcare, one of the more highly regulated industries, has suffered the highest average cost due to system breaches. An individual’s health data on the black market can be worth more than a credit card because patient records often contain all their personal and financial information (PII).

Malicious actors also seek healthcare organization vulnerabilities in not-so-obvious ways, like those found in outdated IT infrastructure or software. Another not-so-obvious target is a healthcare worker’s use of personal devices that connect to the network. And even internet-connected medical devices like insulin pumps and heart rate monitors are an easy gateway to accessing the servers holding patient data.

How Biometric Authentication Provides a Cure for the Common Password
Preventing those breaches is critical to protecting patient privacy and confidentiality. This makes biometric authentication a critical element of a healthcare organization’s identity assurance strategy.

Biometric authentication delivers the highest level of identity assurance. While passwords are easy to forget, and wristbands and ID cards can be misplaced or stolen, biometric markers are unique to each individual and cannot be lost or forgotten. Biometric technology relies on something we always have with us: our fingerprints or faces.

Here’s how biometric authentication works. It compares two sets of data: the first is preset by the device owner, and the second belongs to the device visitor. If the two sets are nearly identical, the device knows that “visitor” and “owner” are one and the same and gives access to the visitor.

Biometric authentication provides a cure for the common password by providing healthcare organizations with the following benefits:

  • Irrefutable proof of presence for regulatory and legal compliance. Biometric authentication provides instant insights into who accessed which systems and resources and accurately identifies patients across multiple systems and facilities.
  • Fast and easy patient identity assurance. Biometric matching takes a fraction of a second. Accelerated access to patient data enables clinicians to be more productive and provide better care throughout the patient journey. Biometric authentication streamlines patient registration, check-in, and care eligibility verification. And, in a health emergency, quick, easy, and comprehensive access to medical records saves lives.
  • Minimized human intervention for improved data accuracy. Biometric identification is automated, frictionless, and sterile. It ensures data accuracy even when people wear surgical masks, and it eliminates duplicate medical records. Fingerprint scanners have accuracy rates above 99.5%. Best-in-class facial recognition systems deliver an error rate of just 0.08%.
  • Mitigated risks of patient misidentification. Patient misidentification costs the healthcare system billions of dollars each year. And more important, it can lead to tragic medical errors that cause temporary or permanent patient harm. Biometric technologies mitigate these risks by increasing accuracy and tying identification to something people always have with them — their fingerprints or faces.
  • Reduced identity fraud. Nearly 43,000 cases of medical identity theft were reported to the Federal Trade Commission in 2021. By extending security to systems that contain personal and sensitive data, biometrics increases the privacy of those individuals and reduces the risk of identity theft.

How Can Unified Physical Security Help Retailers Thrive in a Changing Environment?



Written by Firas Jadallah, Regional Director, Middle East, and Africa at Genetec

The retail industry has evolved dramatically over a relatively short period. Today, digital transformation has unlocked the creation of new innovative business models centered on frictionless, multi-channel shopping and e-commerce while simultaneously presenting new security challenges. In addition, it’s worth noting that digitization has also facilitated innovation in video surveillance technologies, creating new opportunities for retailers to use data from video management systems (VMS) in conjunction with data from access control systems (ACS), automatic license plate readers (ALPR), identity management systems (IMS), sensors, and more.

The key objectives are not only to reduce shrink but also to improve operational efficiency and the overall buyer experience. However, without a fully unified software solution, it is difficult to comprehend how these data puzzle pieces fit together and make sense. Only when retailers are able to consolidate data from multiple sources can they gain a comprehensive understanding of their environment. A unified physical security platform that allows for the integration of devices and applications will successfully create a connected store, which centralizes the management of the entire environment for improved visibility, operations, and data intelligence.

How Retailers Can Benefit from Unification:

Frictionless shopping
The introduction of frictionless shopping solutions such as curbside pickup and self-checkout has presented retail security teams with new challenges. Unified security platforms provide a variety of solutions to overcome these challenges. If theft is suspected, asset protection managers can easily review the video of self-checkout systems and share it with law enforcement as necessary. Unified security platforms also enable IT teams to devote their time to higher-priority tasks and spend less time on software updates. Similarly, a comprehensive view of the connected store allows corporate security managers to work more effectively and efficiently.

E-commerce and logistics
In 2021, e-commerce sales in the UAE surpassed US$4.8 billion, up from US$2.6 billion in 2019, due to the pandemic-enabled acceleration of the global shift towards online shopping. According to an analysis by the Dubai Chamber of Commerce, the value of the UAE’s e-commerce market is expected to reach $9.2 billion by 2026. This exponential growth of the e-commerce market has given rise to new security concerns and a demand for inventory management logistics at distribution centers.

These centers are often frequented by a large number of non-regular employees, as coordinating the delivery of packages involves multiple parties. Here, ALPR technologies can play a crucial role in tracking who enters and exits distribution centers, and in retail locations, they can record who has received products from a curbside pickup station. ALPR solutions can also assist in identifying Organized Retail Crime (ORC) suspects by determining whether a vehicle has been involved in previous thefts.

Supply chain management is another area in which retail security technologies can play a focal role in overcoming challenges. Retailers can significantly reduce losses by utilizing article tags and video surveillance to monitor their environment and track individual products from suppliers to the warehouse, to the store.

Shrink encompasses numerous forms of loss, but it is primarily caused by external theft, such as organized retail crime (ORC). A recent report by Sensormatic estimates that the annual global retail sales loss due to shrinkage amounts to US$99.56 billion. Aside from the loss of goods, in some cases, retailers are also having to contend with violent altercations with thieves. Retailers are implementing a variety of technologies to combat ORC, including artificial intelligence-based video analytics at point-of-sale (POS)/self-checkout, self-service locking cases, autonomous security robots, and automatic license plate recognition (ALPR), in addition to establishing specialized ORC teams.

Cybersecurity threats such as fraud, account takeovers, malware, ransomware, compromised business emails, and data breaches pose escalating risks for retailers today. Any device connected to a retailer’s network, be it a smart IoT thermostat, an access control sensor, or a computer, has the potential to serve as a gateway for cybercriminals to gain access to private data stored on servers connected to that network. Due to the interconnected nature of modern technology, data must be secured and monitored at every stage.

When multiple solutions that were not designed to work together are implemented, it can be challenging for teams to manage, maintain, and scale. A unified security platform designed with cybersecurity in mind enables retailers to secure their entire IT infrastructure and mitigate network intrusion risks through one of their security devices.

Advancing Video Surveillance
The vast improvement in video camera quality and cost reductions over the last year have made video surveillance an essential component of retail security solutions. Furthermore, the digitization and automation of video technologies have further improved their value by transferring mundane tasks from humans to machines. Although adding video surveillance can address some of the challenges posed by frictionless shopping, it can also introduce new ones.

These surveillance systems can accumulate vast volumes of footage, which retailers must then store while also making sense of it. A unified system enables retailers to manage data from all cameras, as well as data from access control and ALPR systems, sensors, smart devices, and maps, through a single, intuitive dashboard. In addition, cross-referencing video footage with additional analytic data can yield insightful results.

These tools can provide invaluable insights into the customer’s journey through the store and at checkout, thereby enabling retailers to enhance their customer’s shopping experience.

Hybrid Cloud Solutions
Cloud-based systems make it efficient for retailers to scale storage requirements as the business environment evolves. However, overhauling an entire IT system all at once is a daunting undertaking. As stores are upgraded or retrofitted, retailers can take advantage of new technologies and functionalities by connecting IoT devices. A hybrid cloud strategy enables retailers to continue operating on-premises systems that meet current requirements while integrating them with adaptable cloud technologies. For companies with a combination of new stores that utilize cloud-based systems and established locations with on-premises systems, support of a hybrid cloud approach through a unified platform enables them to manage the data from all of them in one place.

Insights and Efficiency
When physical security systems are siloed, it is challenging to extract the full value of the data collected by each system. By leveraging a unified, connected store, retailers can combine and display data from all of their security systems in a variety of formats, including customized dashboards, graphical maps, mobile applications, and web clients.

When data is centralized, new insights become apparent. Modern physical security systems allow retailers to personalize dashboards that display data that is most pertinent to specific users. Each department, from asset protection to marketing, will have a unique perspective on data and offer a variety of solutions. Here, interdepartmental collaboration can be essential to the development of new strategies. Moreover, unified security platforms enable retailers to scale, regardless of whether they are opening their first physical store or expanding their global brand to hundreds of locations.

Unified security platforms can be easily deployed and integrated with video surveillance, access control, ALPR, and more. Starting with an open, unified security platform allows retailers to maximize the value of the devices and equipment they already possess, utilizing data in novel ways to streamline operations and gain insights. They can deliver an optimal customer experience without sacrificing security or negatively impacting their bottom line. Everything begins with integration – a connected store for the omnichannel world.


Indicators of Behaviour and the Diminishing Value of IOCs



Written by Hussam Sidani, the Regional Vice President for the Middle East and Turkey at Cybereason

How secure is your organization if you can only stop attacks that have already been detected in other environments based on Indicators of Compromise (IOCs)? Secure enough, if those were the only attacks you needed to be concerned with. But what about targeted attacks with bespoke tactics, techniques, and procedures (TTPs) that have never been documented because they were designed only to be used against your organization?

In today’s threat landscape that’s what’s happening: zero-day exploits, never-before-seen malware strains, and advanced techniques developed specifically for high-value targets are plaguing security teams. Most security solutions do a pretty good job of detecting and preventing known threats, but they continue to struggle with detecting and preventing novel threats. But the issue runs even deeper than that — how can security teams detect malicious activity on the network earlier if the actions and activities of the attacker are not outwardly malicious because they are typical of activity we expect to see on a network?

The diminishing value of IOCs
Following a security incident, investigators scour for the evidence and artifacts left behind by the attackers. These can include IP addresses, domain names, file hashes, and more. Once these Indicators of Compromise (IOCs) have been documented, they can be shared so that security teams at other organizations can search their environments for similar threats, and security solutions can be tuned to better detect and prevent them from being used in subsequent attacks. That’s great for everyone, except the initial victims of the attacks, of course — for them, the damage has already been done.

But IOCs are constantly changing and more often are unique to a specific target, so leveraging IOCs for proactive defense in another environment is unlikely to result in earlier detections. Even the assumption that IOCs are somehow uniformly applicable in every instance, for a given attack campaign in the same environment, has proven to be demonstrably false.

Furthermore, the more advanced attackers engaged with a high-value target often change their TTPs within the same kill chain when moving from one device to the next in a target environment, making early detection based on already-known IOCs nearly impossible. IOCs are still quite valuable for detecting known TTPs, just as outmoded signature-based detections are still effective for detecting common malware strains, and they will continue to be an important aspect of our security toolkits for the foreseeable future.

But given the limitations of their application in surfacing highly targeted and novel attacks as described above, the question remains as to how we can detect more reliably and earlier in the kill chain. That’s where Indicators of Behavior (IOBs) come into play.

Defining Indicators of Behaviour
IOBs describe the subtle chains of malicious activity derived from correlating enriched telemetry from across all network assets. Unlike backward-looking IOCs, IOBs offer a proactive means to leverage real-time telemetry to identify attack activity earlier, and they offer more longevity value than IOCs have ever been able to deliver.

IOBs describe the approach that malicious actors take over the course of an attack. They are based on chains of behavior that can reveal an attack at its earliest stages, which is why they are so powerful in detecting novel and highly targeted operations. Sooner or later, an attacker’s path diverges from the paths of benign actors.

But IOBs are not about just looking for anomalies or a key indicator of malice at a particular moment in time, although that’s also part of it. IOBs are about highlighting the attacker’s trajectory and intentions through analysing chains of behaviors that, when examined together, are malicious and stand out from the background of benign behaviors on the network.

IOBs can also be leveraged to detect the earliest signs of an attack in progress that are comprised of “normal activity” one would expect to see occurring on a network, such as we see with techniques like living off the land (LotL/LOLBin) attacks where legitimate tools, processes, and binaries native to the network are abused by the attacker.
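The contrast between matching IOCs and matching a chain of behaviours can be shown on a few constructed events. This is an added example, not code from the article or from any vendor; the hosts, behaviour labels, hash placeholders, chain definition and time window are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed telemetry, assumed to be already enriched with a behaviour label.
# Fields: host, timestamp (seconds), behaviour label, file-hash placeholder.
# HASH_OS_* stand for legitimate built-in binaries, identical on every host.
EVENTS = [
    ("ws-01", 100, "office_app_spawns_shell", "HASH_OS_SHELL"),
    ("ws-01", 140, "builtin_tool_fetches_remote_file", "HASH_OS_TOOL"),
    ("ws-01", 190, "scheduled_task_created", "HASH_OS_SCHED"),
    # ws-02 shows the same behaviours, but out of order and hours apart.
    ("ws-02", 20, "office_app_spawns_shell", "HASH_OS_SHELL"),
    ("ws-02", 50, "scheduled_task_created", "HASH_OS_SCHED"),
    ("ws-02", 9000, "builtin_tool_fetches_remote_file", "HASH_OS_TOOL"),
    # ws-03 holds a file whose hash is already on a shared IOC list.
    ("ws-03", 300, "file_written_to_disk", "HASH_KNOWN_BAD_PLACEHOLDER"),
]

KNOWN_BAD_HASHES = {"HASH_KNOWN_BAD_PLACEHOLDER"}  # hypothetical IOC feed

# Hypothetical behaviour chain: each step is ordinary on its own.
CHAIN = [
    "office_app_spawns_shell",
    "builtin_tool_fetches_remote_file",
    "scheduled_task_created",
]
WINDOW_SECONDS = 600


def ioc_hits(events, known_bad):
    """Hosts where any event's file hash appears on the IOC list."""
    return sorted({host for host, _, _, fhash in events if fhash in known_bad})


def _has_chain(host_events, chain, window):
    """True if chain occurs in order within `window` seconds of its first step."""
    for i, (start_ts, behaviour) in enumerate(host_events):
        if behaviour != chain[0]:
            continue
        step = 1
        for ts, later in host_events[i + 1:]:
            if ts - start_ts > window:
                break  # too late to belong to this chain instance
            if step < len(chain) and later == chain[step]:
                step += 1
        if step == len(chain):
            return True
    return False


def chain_hits(events, chain, window):
    """Hosts whose events contain the whole behaviour chain, correlated per host."""
    by_host = defaultdict(list)
    for host, ts, behaviour, _ in events:
        by_host[host].append((ts, behaviour))
    return sorted(
        host for host, evs in by_host.items()
        if _has_chain(sorted(evs), chain, window)
    )


if __name__ == "__main__":
    print("IOC match:  ", ioc_hits(EVENTS, KNOWN_BAD_HASHES))
    print("Chain match:", chain_hits(EVENTS, CHAIN, WINDOW_SECONDS))
```

The hash list flags only the host carrying an already-documented file, while the chain flags only the host where ordinary tools were used in a suspicious order and timeframe, which is why the two approaches complement each other.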

Operationalising IOBs for Operation-Centric security
Today’s alert-centric approach to security puts too much focus on the generation of uncorrelated alerts and remediating the individual elements of the larger attack campaign; a process that has proven to be inefficient given the typical resource constraints security operations are subject to.

Conversely, an Operation-Centric approach leveraging IOBs can reorient the detection and response cycle by consolidating otherwise disparate alerts into a single, content-rich correlated detection that serves to comprehensively disrupt the attack progression earlier than is possible with our current reliance on IOCs alone.

Leveraging IOBs to achieve an Operation-Centric approach also presents the opportunity to create a repository of detectable behavior chains that can surface even the most novel of attacks earlier, as well as support automated response playbooks that can better disrupt attacks at their onset.

More work to be done
Understanding attacker intentions and likely pathways based on early-stage actions and activities enables defenders to proactively predict and disrupt subsequent stages of an attack, and provides an avenue to develop fully autonomous security operations. In order to achieve a truly Operation-Centric posture and move closer to autonomous security operations, a future-ready standard that universally defines and operationalizes IOBs is required.

To be truly useful, there needs to be a common definition, language, and expression of IOBs that is completely independent of any particular security tool or vendor. The wide array of solutions available can provide the raw telemetry as well as the color and context required to collectively interpret observable behaviours.

But, as it stands today, security tools themselves don’t provide a standardized language that can accurately describe and operationalise the chains of behavior that will enable us to detect and respond to attacks faster than the adversary can adapt. Operationalising IOBs will require standardization that will deliver the full potential value of the entire security stack to quickly and autonomously deliver the necessary context and correlations across diverse telemetry sources.

But achieving an Operation-Centric approach that leverages IOBs will ultimately empower security operations to predictively respond to changing TTPs more swiftly than attackers can modify and adjust them to circumvent defenses, which is key to finally reversing the adversary advantage and returning the high ground to the Defenders.


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.