Enhancing OT Security Without Disrupting Operations

What is Operational Technology?

Cybersecurity has come a long way in the recent past. Its importance is felt in all aspects of modern life, both personal and industrial. The current digital and network advancements are steadily pushing Information Technology (IT) and Operational Technology (OT) towards integration. While IT systems interact with each other for data-centric computing, OT systems involve hardware and software that monitors or controls physical devices and processes to detect or cause changes in an industrial environment or enterprise.   

OT plays a significant role in Industrial Control Systems (ICS) and encompasses a wide variety of programmable systems such as Supervisory Control and Data Acquisition systems (SCADA) and Distributed Control Systems (DCS). These are found in many aspects of the environments we interact with daily, which makes keeping these systems secure a top priority.  

Industrial systems have traditionally relied on human monitoring and management through proprietary control protocols and software. Today, however, more industrial systems are automating these processes in a bid to boost efficiency and deliver better and smarter analytics through the convergence of OT and IT systems. This fills in the gap that previously isolated OT from IT. This bridge ensures that the information passed down to the people, sensors, devices, and machines is accurate and on time.

How IoT Adoption Affects OT Systems

Anyone who has been around long enough to see how the internet and modern technology have changed the world can attest to its benefits. The shift to making most aspects of human life ‘smart’ has had both positive and negative effects. In a bid to make OT systems more efficient and reliable, most people have adopted integrated enterprise software and analytic data services. This makes processes and systems such as cooling more efficient, and makes monitoring devices easier and more cost-effective.

This action comes with one main downside: an increase in security risks. The connection of these systems leaves industrial networks and components vulnerable to OT security deficiencies such as lack of encryption, buffer overflow, backdoors and other tailored attacks on physical components.

The digital attack surface also grows massively. For instance, in a configuration where things go through a switch, it would be difficult to monitor the traffic or detect changes. This makes the network vulnerable to targeted attacks. Some economies or communities could face utter devastation should their industrial systems be attacked due to the high cost of some of the industrial equipment.  

On the brighter side, industrial networks can be protected without risking non-compliance or disruption of operations. While IT security deals with data flow and its protection, OT security is focused on the safety and efficiency of industrial operations. By implementing proper security strategies and policies that ensure the visibility of all network control traffic, you can effectively reduce security risks and protect operations. 

Modern OT Security Approaches

The integration of OT and IT systems has led to the development of OT security. This is done in a bid to protect lives and assets and ensure that there is no operating downtime leading to production losses. The common standards and practices for secure OT systems are detailed by bodies such as The National Institute of Standards and Technology and the UK’s National Cyber Security Center. Their reports have detailed information on OT risk management, vulnerabilities, recommended practices and guidelines. These form the framework for different ways to secure OT systems.

When protecting OT systems, one must first understand the vulnerabilities that they face. Now that OT, IT, and IoT systems have become part of an indistinguishable system, any margins of error could mean a collapse in the whole network. Some of the ways OT networks are compromised by malignant elements include:   

  • Unauthorized Changes: This could consist of disabling safety sensors and alarms. This also increases the risk of bad actors inputting instructions that could lead to downtime. 
  • Interference With Critical Infrastructure: Access to sites and operational systems should only be granted to authorized personnel. Interference with control units and equipment protection systems could lead to irreparable damage.
  • Manipulation or Modification of Sent Information: Hackers use this technique to disguise unauthorized changes and breaches as they penetrate the system. 

It is always essential to understand that attacks could come from within. It could be rogue employees with infected USBs or even poor coding. This means that industrial security has to be both preventive and offensive. Apart from the conventional security protocols, OT protection must be based on a fully visible IT/OT infrastructure. This means employing monitoring and analysis tools that can detect even the most minute anomalies.  

Best Practices for OT Security

An efficient OT security plan should incorporate three main levels of protection and include the following practices: 

Using Next-Generation Firewalls (NGFW) in OT Networks

Traditional firewalls had their drawbacks in terms of network speed, awareness limitations and their inability to adapt to new threats. Next-Generation Firewalls (NGFWs), on the other hand, offer the best security against threats by giving you complete control of the industrial systems. These firewalls are made to meet any configuration in the ICS for maximum visibility and monitoring. Organized architecture in terms of control ensures efficient and uninterrupted workflow.  

Having Efficient System Restore Plans

Should there be any breaches or failures of certain components within the OT network, there should be protocols to restore functionality without delaying operations. The system restore plan (SRP) should take the least amount of time. Moreover, despite the conditions or challenges faced, the industrial environment should be designed in a way that ensures operations can continue running while awaiting restoration. This means giving the workforce access to manual control and emergency operations.

Risk-Based Vulnerability Management

A risk-based vulnerability management (RBVM) system provides comprehensive information on possible threats and the extent of their effects. In collaboration with network analytics such as mapping and constant monitoring, it is possible to anticipate the risks that the threats pose and prepare the security team with efficient responses or a possible SRP.

These layers of protection also need to be coupled with other general security practices. For instance, access to OT network devices and systems should be restricted to authorized parties. This can be achieved by separating the corporate network from the OT network. On the other hand, remote access solutions should be available.

Remote access is a contentious security measure. One of the channels used by bad actors is the backdoors that remote access leaves. To counter this vulnerability, remote access sessions can be restricted and monitored by time and user activity. When it comes to safeguarding data, the best solution is encryption. Backups and restore points also need to be in place. Using these tools and security protocols means that the OT network remains secure while the industrial environment remains fully operational. 

What the Future Holds for OT Security

The best part of technology is its nature and tendency to evolve. This means that cybersecurity will only get better. At the moment, OT security faces a couple of minor setbacks, primarily due to its nature, a fact that is evident in the design of these systems. Since they are meant to run for years, the focus is placed more on their reliability than on security. As more OT systems are connected to a network, their lack of initial security and use of legacy protocols pose significant risks.

As mentioned, however, the beauty of technology is adaptation. To maneuver these challenges, businesses are adding newer devices to their OT enterprises and taking OT cybersecurity seriously. It is clear that the future of OT security is bright due to the growing investment in OT security. Professionals in this sector are increasing in number every day after its necessity was realized.  

Cloud technology has also improved the industrial environment by connecting workplaces. This game-changer is poised to boost production and ensure efficiency while still maintaining low production costs. 

Controversial as it may sound, even hacking and other unauthorized breaches help increase OT security. This inverse effect is due to the fact that by revealing the gaps and vulnerabilities in the system, light is shed on the areas that require patching or even upgrading.

Final Thoughts on OT Security

In conclusion, every party involved in this industry must acknowledge the need for upgraded and efficient OT security solutions. There is a need to pool resources and specialize in OT Cybersecurity if its development is to be sustainable and future-proof.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

CISA Urges Organizations to Prepare For Future Quantum Threats

As the world anticipates quantum computing, many believe it has potential benefits for every industry. Equally excited and awaiting its rollout is the hacker community, who could use these powerful quantum computers to compromise the digital systems we use daily, including online banking and email software.

The US Cybersecurity and Infrastructure Security Agency (CISA) has already warned that organizations need to take action to protect network infrastructure for the transition to post-quantum cryptography.

Many governments believe that quantum computers can be used to break public-key encryption methods that countless networks use today. A fully-functioning and stable high-qubit quantum machine could potentially wreak havoc across the internet. It will lead to the vulnerability of secure networks and loss of public confidence in major institutions and businesses.

The good news is that these governments are developing post-quantum encryption schemes. For instance, the US National Institute of Standards and Technology (NIST) has been running a multi-year effort since 2016 calling upon cryptographers around the world to devise quantum-resistant encryption methods. It aims to standardize one or more quantum-resistant cryptographic schemes to foster a transition to seamless security for the general public.

What is Quantum Computing?

Quantum Computing focuses on the development of computer-based technology hinged on the principles of a quantum theory. Experts believe the present experimental quantum computers can render the conventional system obsolete. Its benefits include advanced research, higher-level simulation, and accelerated growth of artificial intelligence models.

Is Quantum Computing a Risk?

Despite these promising benefits, there are concerns about some negative implications which include ethical and security risks for businesses, quantum attacks from hostile nation-states, and exacerbating current issues like data harvesting.

CISA’s Stance on Quantum Threats

CISA asserts that critical infrastructure is more at risk largely due to the public-key cryptography that U.S. networks rely on to secure sensitive data.

CISA provides insight to all critical infrastructure owners to have a successful transition in their Post-Quantum Cryptography Roadmap. The roadmap stipulates the following measures:

  • Taking actionable steps like inventory assessments of current cryptography technologies.
  • Developing acquisition policies for post-quantum cryptography.
  • Training staff about the upcoming transition from conventional to quantum computers.
  • Increasing engagement with standards developments relating to necessary algorithms and dependent protocol changes.
  • Managing inventory assessments and the security of critical datasets for an extended time.
  • Identifying systems where public key cryptography is used and marking these systems as quantum vulnerable.

Preparing Organizations for the Quantum Threat to Cryptography

Many believe the time to worry about quantum computer threats is in a decade — but it’s sooner than we think. The process of adopting new standards usually takes years, so it is crucial to begin planning for quantum-resistant cryptography now.

Organizations need to make arrangements and budget for a transition plan. This should include upgrading IT systems and deploying standardized quantum-resistant cryptography. They also need to be aware of how vendors plan to upgrade software and hardware. The preparation process should include software upgrades, and system patch delivery to systems using cryptography. They should also ensure the security of these upgrades and authenticate the source.

Moreover, organizations need to take advantage of agencies promoting awareness of quantum computers’ impact on cryptography. These agencies also provide steps to prepare for the transition to quantum-resistant cryptography when it comes.

The agencies partner with others to evaluate the next generation of quantum-resistant cryptography. The aim is to replace current cryptographic applications.

The Challenges With the Quantum Resistance Ahead

New technologies come with new opportunities and new risks — and quantum computers are no exception.

Building a large-scale quantum computer already has several challenges – fabrication, verification, and architecture. The technology derives its power from the ability to store a complex state in a single bit. Unfortunately, this also rather complicates the process of building, designing, and verifying. The verification issue is a cause of concern since it affects communication mechanisms, control circuitry for quantum operations, and more. Moreover, there’s no telling if it impacts the security of data within the technology itself.

Code breaking is another area of focus. An easy way to break codes in conventional computers is to try all possible keys. However, it is a much longer and more difficult process. Quantum computing uses Grover’s algorithm to speed up this process. Another method called Shor’s algorithm is capable of breaking or weakening cryptographic algorithms within hours.

The potential for harm from quantum threats here becomes huge. Once encryption methods get broken, trust in data transmission becomes low. Cybercriminals will find it easy to create bogus certificates that call for the validity of a digital identity.

The technology’s effect would render communications as insecure as if encoding didn’t even exist. While there are a lot of worries about quantum computing, these fears remain hypothetical. Today’s quantum computing cannot break any commonly used encryption methods. However, concern for the vital security of our global network infrastructure and data drives the immense effort to counter a potential future of quantum threats.
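The roadmap's inventory step and the Grover/Shor distinction above can be combined into a first-pass triage. This is an added example, not code from CISA or the original article; the asset names, the `Asset` fields, the 128-bit floor and the ordering rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Public-key families whose hardness assumptions Shor's algorithm breaks.
SHOR_BROKEN = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519")
# Symmetric ciphers: Grover's search gives at most a quadratic speed-up.
SYMMETRIC = ("AES", "CHACHA20")
# NIST-standardized post-quantum schemes (FIPS 203, 204, 205).
POST_QUANTUM = ("ML-KEM", "ML-DSA", "SLH-DSA")

MIN_EFFECTIVE_BITS = 128  # assumed policy floor, adjust to local policy
RANK = {"quantum-vulnerable": 0, "unknown": 1, "review": 2,
        "ok": 3, "quantum-resistant": 3}


@dataclass
class Asset:
    system: str               # where the cryptography is deployed
    algorithm: str            # e.g. "RSA-2048", "AES-128-GCM"
    key_bits: int             # 0 when not applicable or not known
    data_lifetime_years: int  # how long the protected data must stay secret


def family(algorithm: str) -> str:
    """Map an algorithm string to its family by exact name or 'NAME-' prefix."""
    name = algorithm.upper()
    for fam in POST_QUANTUM + SHOR_BROKEN + SYMMETRIC:
        if name == fam or name.startswith(fam + "-"):
            return fam
    return "UNKNOWN"


def classify(asset: Asset):
    """Return (status, effective_bits) against a large quantum computer."""
    fam = family(asset.algorithm)
    if fam in POST_QUANTUM:
        return "quantum-resistant", None
    if fam in SHOR_BROKEN:
        # Key size does not help: Shor runs in polynomial time.
        return "quantum-vulnerable", 0
    if fam in SYMMETRIC:
        # Idealized Grover bound: brute force costs about 2^(n/2).
        bits = asset.key_bits // 2
        return ("ok" if bits >= MIN_EFFECTIVE_BITS else "review"), bits
    # Unrecognized or proprietary crypto still needs a human decision.
    return "unknown", None


def triage(assets):
    """Order assets for migration: vulnerable first, longest-lived data first."""
    rows = [(a, classify(a)[0]) for a in assets]
    rows.sort(key=lambda r: (RANK[r[1]], -r[0].data_lifetime_years))
    return [(a.system, status) for a, status in rows]


# Constructed sample inventory, not taken from any real environment.
INVENTORY = [
    Asset("plant-db-disk", "AES-256-XTS", 256, 10),
    Asset("hmi-web-tls", "ECDH-P256", 256, 1),
    Asset("backup-archive", "AES-128-GCM", 128, 10),
    Asset("scada-historian-vpn", "RSA-2048", 2048, 15),
    Asset("firmware-signing", "ML-DSA-65", 0, 20),
    Asset("legacy-plc-link", "PROPRIETARY-X", 0, 5),
]

if __name__ == "__main__":
    for system, status in triage(INVENTORY):
        print(f"{status:20} {system}")
```

Long-lived data behind a quantum-vulnerable key exchange sorts to the top because traffic recorded today can be decrypted once the key exchange is broken.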

Why Is the Healthcare Industry the Most Likely To Pay Cybercriminals for Ransomware Attacks?

Times are looking more brutal than ever for one of the world’s most critical industries. Ransomware attacks are skyrocketing, and healthcare organizations are increasingly cut off from much-needed cybersecurity insurance.  

But just how bad is the situation? A recent Sophos survey found that 66% of healthcare organizations were hit with a ransomware attack in 2021, up from 34% in 2020. Perhaps more alarming, healthcare organizations pay the ransom most often compared with other sectors (just over 60% compared with a cross-sector average of 46%). So, what’s going on here? Why is healthcare most likely to pay up in ransomware cyber-attacks?

Why Do Cybercriminals Target Healthcare Organizations?

Healthcare organizations are a lucrative target for cybercriminals because medical records are a treasure trove of sensitive information. The Health Insurance Portability and Accountability Act (HIPAA) classifies various patient information, including Social Security Numbers, contact information, credit card information, and more, as protected health information (PHI). And PHI is one of the most valuable types of data out there.  

Beyond PHI’s higher selling price, healthcare organizations are more likely to be targeted with a ransomware cyber-attack because they’re more likely to pay the ransom. But why? 

Holding Someone’s Life in the Balance

Here’s the bottom line. We all understand why paying the ransom is bad; it feeds the hackers and incentivizes them to continue hacking, making the problem worse for all. However, not paying the ransom isn’t so simple in reality.  

In some industries, data provides a competitive advantage, but in healthcare, losing access to critical data and systems can put patients’ lives in danger. Or in other words, healthcare organizations aren’t blind to the ethical issues with paying ransoms, but getting their services back online quickly is often their top priority. When you consider that the average downtime a company experiences following a ransomware attack is 7-21 days, it’s not hard to see why healthcare companies cave to pressure.  

Medical Devices Can Present an Easy Entry Point for Ransomware Attacks

The healthcare security landscape is made increasingly complex with medical devices and The Internet of Medical Things (IoMT). Medical devices like insulin pumps, wearable biosensors, smart thermometers, and other remote patient monitoring technology play an increasingly vital role in the industry. However, these new devices open up worrying new entry points for attackers.  

As a relatively new industry, IoT still lacks strong security guidelines that help govern and secure other types of tech. At the same time, security is often not the primary concern in the development of new IoT and IoMT devices. Why? Because manufacturers want to maximize functionality while working with limited compute and hardware, which leaves minimal space for robust security and data protection measures.   

More often than not, these devices don’t store patient data. However, attackers can leverage these devices to gain access to other network resources, like a server that does hold sensitive data. Once attackers gain access to the network, they can exfiltrate data or, increasingly, install costly ransomware.   

Beyond IoMT, other complexities of the healthcare IT environment can leave healthcare companies vulnerable to cyber-attacks. For example, the need for efficient and widespread access to critical patient data across systems means two-factor authentication and zero trust defenses aren’t always feasible. 

An Increase in Ransomware Attacks is Making it Harder to Get Cybersecurity Insurance

Ransomware attacks are on the rise, healthcare IT environments are more complex than ever, and the cybersecurity skills gap puts in-house cybersecurity teams under immense pressure. With this dire picture in mind, healthcare organizations increasingly turn to cyber insurance to protect their vital assets and minimize cyber-attack damage. But there’s a problem – obtaining coverage is becoming more challenging.  

The Sophos report found that 51% of respondents said the level of cybersecurity needed to qualify for cyber coverage is now higher than in the past. At the same time, cyber insurance is becoming increasingly expensive.  

Ransomware attacks are a significant cause of changes we’ve seen in the cyber insurance market in recent years. Ransomware is now the largest driver of cyber insurance claims, and with attacks increasing, ransom payouts have soared. As a result, many cyber insurance providers have found themselves unable to keep up and have left the industry altogether. The ones that remain are changing their limits, coverage, and pricing to manage the increased risk.   

This has led to a seller’s market, where the dwindling number of providers hold all the power. They can charge what they want and be selective about who gets coverage. And unfortunately, many healthcare organizations aren’t meeting the selection criteria.  

Equally concerning is threat actors’ monitoring of cyber insurance companies’ relationships. According to Reuters, some ransomware attackers check whether potential victims have policies that make them more likely to pay the ransom.

However, the competitiveness of the cyber insurance market does seem to be having some positive effects. For example, over 95% of healthcare respondents said they have made improvements to their cyber defenses to boost their cyber insurance prospects. For example, nearly half of the covered respondents implemented new security processes and increased staff training.  

Despite the concerns surrounding cyber insurance, it’s crucial that healthcare organizations understand that cyber insurance isn’t a band-aid for weak cybersecurity. Instead, healthcare organizations need to deploy robust cybersecurity defenses that grant a speedy recovery from a cyber-attack, as well as backups and endpoint detection and response solutions.  

Wrapping Up

The healthcare industry has had a tough few years with COVID-19, rising staff shortages, increased demand for telehealth, and a constant onslaught of ransomware attacks. If the healthcare industry wants to lose its number one spot as the industry most likely to pay ransoms, it needs to take a more rigorous approach to cybersecurity. The cybercriminals will stop trying (or trying in colossal numbers) when the work becomes too hard and the reward too low. As it stands, healthcare is the low-hanging fruit for cybercriminals in 2022.

Passwordless Authentication: A Paradigm Shift in Security

Passwordless authentication appears to be the new belle of the ball amongst tech experts. Of course, the reasons all border on the general challenges experienced by security companies and businesses.

The security and tech world continues to advance in scope and sphere through ongoing efforts to improve existing structures. These changes are prompted by the ongoing surge in security breaches in which no industry is spared.

Security issues surrounding weak passwords serve as a driving factor for these breaches — and a nightmare for IT departments. As secure as some might believe them to be, passwords remain the weakest link in today’s workplace security network. Stolen credentials are costly to resolve and come with many negative impacts.

As organizations rethink the future of the workspace, passwordless authentication seems to be a way out.

What is Passwordless Authentication?

Passwordless authentication is any method that eliminates the reliance on passwords to provide a smoother user experience, stronger security posture, and reduced costs.

Passwordless authentication uses methods of identity proof to replace the use of passwords, passphrases, and other shared secrets. The replacements take OTPs as an alternate means. Authenticator apps, biometrics, hardware, and software tokens make up other forms.

Businesses encourage the adoption of passwordless authentication because it removes all vulnerabilities associated with secret-based passwords. But, there’s a constraint – the market is not fully ready for its adoption. Business enterprises struggle to cover the various use cases with a single solution.

Challenges of Passwordless Authentication

Security Limitations

Passwordless authentication is not entirely foolproof, although it’s better than a password. Hackers can use malware to intercept one-time passwords. They also insert trojans into a browser to gain access.

Costs of Deployment

The implementation of passwordless authentication requires high costs. It comes with new software, hardware, trained employees, and more. Passwordless authentication also entails a change in management plans and projects.

The deployment also comes with hardware installations and the purchase of gadgets. In addition, the choice of software comes with hidden costs, software administration, maintenance, and migration.

Passwordless Authentication Methods

Biometric Authentication

It is a method that requires using biological characteristics such as facial features and fingerprints. This authentication method allows users to instantly log into their devices.

One-Time Passcodes (OTP)/PIN

The OTP is a method that puts the responsibility of generating dynamic codes on the service provider. As a result, it eliminates having to remember passwords or downloading apps.

Foremost in this category is the time-based one-time password (TOTP). The TOTP is a transient method and must be in sync with the time zone. It works with algorithms that generate passwords on a server and client whenever there’s system authentication. A major drawback is that a user may mistakenly tap multiple times to generate a token. When this happens, they have to restart the process.

Push Notifications Authentication

Push notifications work with an installed app on the user’s phone. The user receives a notification on a registered device containing the login’s date, time, and location, which allows them to accept or deny access.

Magic Links Login Authentication

Magic links require a user to enter an email address into the login box. An email is then sent with a link that requires clicking to log in. A user receives this magical link to ensure safety whenever there’s a login.
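The server side of the magic-link flow described above, as an added example that is not from the original article: the emailed token is signed, expires, and can be redeemed only once. The `MagicLinkIssuer` class, the ten-minute lifetime, the token layout and the in-memory store are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


class MagicLinkIssuer:
    """Issues and redeems signed, expiring, single-use login tokens."""

    def __init__(self, key: bytes, ttl_seconds: int = 600):
        self.key = key
        self.ttl = ttl_seconds
        self.pending = {}  # nonce -> email; entry removed on first use

    def _sign(self, payload: bytes) -> str:
        return _b64(hmac.new(self.key, payload, hashlib.sha256).digest())

    def issue(self, email: str, now=None) -> str:
        """Return the token to embed in the emailed login link."""
        now = int(time.time() if now is None else now)
        nonce = secrets.token_urlsafe(16)  # unguessable, one per link
        payload = f"{email}|{now + self.ttl}|{nonce}".encode()
        self.pending[nonce] = email
        return f"{_b64(payload)}.{self._sign(payload)}"

    def redeem(self, token: str, now=None):
        """Return the email to log in, or None if the token is not valid."""
        now = int(time.time() if now is None else now)
        try:
            body, sig = token.split(".")
            payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        except ValueError:
            return None  # malformed token
        # Check the signature before trusting any field in the payload.
        if not hmac.compare_digest(self._sign(payload).encode(), sig.encode()):
            return None
        email, expires, nonce = payload.decode().rsplit("|", 2)
        # Pop first so an expired or reused link can never be redeemed later.
        owner = self.pending.pop(nonce, None)
        if owner != email or now > int(expires):
            return None
        return email


if __name__ == "__main__":
    issuer = MagicLinkIssuer(secrets.token_bytes(32))
    token = issuer.issue("alice@example.com")  # constructed address
    print(issuer.redeem(token), issuer.redeem(token))
```

Whoever can read the mailbox can log in, so the short lifetime and single use are what bound the exposure of a forwarded or intercepted email.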

The Benefits of Passwordless Authentication

Reduced Costs

Password management and storage require a lot of resources. Resetting passwords and frequently changing password storage laws are also costly. Passwordless authentication helps to remove long-term costs.

Stronger Cybersecurity Posture

Passwords no longer provide a stalwart defense as many people repeat them multiple times.

Once a password gets breached, leaked, or stolen, it’s much easier for a hacker to gain access to your other applications. This allows malicious actors to then commit financial fraud or sell trade secrets to rival companies. Passwordless authentication takes care of these challenges by offering protection against the most prevalent cyberattacks.

Better User Experience and Greater Productivity

Users often have to generate and memorize multiple passwords, and because of this they sometimes forget them and then have to reset them. For this reason, users choose simple and uncomplicated passwords, often using the same ones for numerous applications with the addition of an extra character. The challenge here is that hackers find it easy to access these accounts.

Passwordless authentication eliminates these challenges, as users do not have to create or memorize their passwords. Instead, they only authenticate using emails, phones, or biometrics.

Scalability

Passwordless solutions work with technology and factors that end users already possess. Therefore, it becomes easier for mobile devices and laptops to infuse the various methods. Passwordless authentication methods that integrate easily include biometrics and authenticator apps, Windows Hello, and fingerprints.

Top 10 Use Cases of Passwordless Authentication

Passwordless authentication can apply to a variety of use cases including:

  • Customer payments authentication
  • Remote logins
  • Logins for financial services
  • Call center authentication
  • Personal logins
  • Customer balance access
  • Record access
  • Mobile banking
  • Wire transfers
  • Push notifications

Changing the Security Paradigm: The Big Step

Businesses that integrate passwordless authentication have a strong concern for security. Organizations now realize that many security breaches result from the use of passwords. For them, the one-time cost of implementing passwordless authentication is more rewarding.

While it’s true that passwords are still quite common, the security risks are enough reason to make a switch. With the technology quickly gaining traction, there’s no better time to integrate passwordless authentication.

Indeed, passwordless authentication is the next digital breakthrough that offers key advantages over the traditional password including:

  • It helps to lower costs while also increasing revenue. Customers tend to gravitate towards such products and services that provide trust and security.
  • Providing a smooth user experience is preferable to any customer.
  • The presence of the technology and its adoption is a vital element for trusted security.

Nonetheless, passwordless authentication remains in its early stages. While many businesses have yet to adopt the technology, there’s a strong sentiment that its adoption will help change the face of security in the near term.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

6 Tips for Enhancing Security Across Your Remote Workforce

Before the pandemic, 17% of employees in the US worked from home five days or more per week – a share that catapulted to 44% during the pandemic, and more than 60% after the pandemic. The COVID-19 pandemic brought the remote working trend to a peak, as workers were forced to work from home – a trend that continues as many organizations have embraced remote work within their company culture.

With this growing trend, organizations should educate employees on data security and how everyone is responsible for protecting it. They should also create certain practices and steps to strengthen their organization’s data security. Remote workers must prioritize safe practices and data security education.

Since 2020 began, the expectations that surround remote work have dramatically changed. Employees are looking for work-from-home jobs at an increasing rate, and employers are adopting the technologies, culture, and processes to make it happen. Across the globe, more businesses have implemented flexible schedules where employees can work on-site, remotely, or both. An estimate by Upwork stated that 36.2 million Americans will be working remotely by 2025, an 87% increase from pre-pandemic levels.

While these flexible work options bring a huge range of benefits for both employer and employee, they also bring some challenges, particularly around data protection. The increase in remote working must also prompt organizations to level up their network security. Organizations can no longer rely on traditional network security to prevent unwanted network access. What to do is not difficult; it just requires technologies that enhance security.

One of the main perks of working remotely is location flexibility, but now that telecommuting has become commonplace, data security is more of a concern. This stems from employees using unsecured Wi-Fi networks or bringing company devices with confidential data to public locations. It was reported that 86% of organizations believe that remote workers increase the chances of an organization’s data security breach.

So, what can organizations with large remote workforces do to properly secure network access? Here are some viable ways to get started: 

Enhancing Security with a Formal Cybersecurity Policy

The first step in protecting an organization’s data is ensuring all employees view data security as a priority. Believe it or not, many employees today might still not know that data security is something they should be highly concerned about, at both professional and personal levels.

Employees may assume that if they are not working directly with customer data or are not higher in the organization’s hierarchy, they don’t need to worry about data security. Organizations should not assume that their employees know anything about their role or best practices in cybersecurity.

The best place to start is by creating a cybersecurity policy. Make all existing and new employees review and sign the policy so that everyone in the company holds responsibility for protecting employer data.

Ensure All Internet Connections Are Secure

The most common way to open your company to a data security breach is to use an unsecured Wi-Fi network. As a remote worker, you know and understand the need to get out of your house now and then. Here, remote workers need to be aware of how to ensure they keep company data secure. 

The easiest way is to ensure employees use a virtual private network (VPN). When they use VPNs before signing into public Wi-Fi networks, the employee’s internet traffic  will be encrypted and monitored for any signs of infection. Remote workers can freely step out of the house, and companies can guarantee that their data is secure. 

Note that not all VPNs are created equal. To ensure your organization uses the appropriate VPN, verify the VPN you are using and ensure it covers every factor you need, not just last-stage encryption. Once you decide on the standards you want, review the reputation of the VPN provider and conduct a cost comparison. 

Keep Strong, Varied Passwords & Use a Password Manager

Another easy way to protect your organization’s data is practicing strong password hygiene. Many people still don’t consider password safety an important step to prevent data breaches. Many even admit that they use the same password across various programs and devices. Informing remote workers about password protection is one of the major keys to securing your company’s data.

Using a password manager to randomly generate passwords for you is another way to lessen cyber risk. The password manager will store all your passwords safely and remove the need to remember each different password.

Enhancing Security with Two-Factor Authentication

Many organizations are adopting two-factor authentication to improve their data security. This method authenticates the user by requiring a username and password, along with either entering a PIN sent to their cell phone or answering a secret question. Though passwords can often be stolen or compromised, with two-factor verification it is unlikely for another person to also have the PIN or be able to answer the security question.

Enhancing security even further, organizations could move to multi-factor authentication that requires additional verification, including fingerprint recognition, face identification and voice recognition. This is typically more expensive and complex, but could be warranted depending on the level of security needed by an organization.

Use Encryption Software

Encryption software is another way organizations and their remote workers can protect data. Suppose an employee’s device gets lost or stolen. In this case, the information on the lost or stolen device can find its way into the wrong hands and open the company to vulnerabilities and data breaches. Encryption software protects organization data by barring access from unauthorized or third-party users of those devices.

In addition, the organization should be mindful that any programs used for chatting, applications, or email should use end-to-end encryption. Popular programs like Adobe Acrobat and Microsoft Office, for instance, can easily encrypt documents and files that your remote workers use and share amongst each other.  

Don’t Forget Firewalls, Antivirus Software & Antimalware

Ensure remote workers have up-to-date antivirus software, anti-malware and firewalls on all their devices. In cases where devices are stolen, organizations might also want to wipe the lost or stolen devices remotely. Mobile device management platforms can perform most or all of these services by allowing remote workers to continue using their devices while ensuring the safety of company data.  

Employees might need the help of their employer in ensuring that their devices have these protections installed. Employees don’t always have the same technical expertise, so organizations concerned about data security should be ready to offer technical support. This could mean creating partnerships with tech support services close to their remote workers or forming an internal tech support team that can guide employees through the necessary steps.

Remote work does not have to negate data security. Once these top cybersecurity procedures are implemented and remote workers are educated, they can quickly become standard practices that the entire organization can easily commit to.

Final Thoughts on Enhancing Security for Remote Workers

Diligence from all management and employees is required to ensure these security measures are followed. Following the above guidelines can strengthen your organization’s security posture while keeping your data safe and secure.  

Common SD-WAN Challenges & How to Avoid Them

A Software-Defined Wide Area Network (SD-WAN) enables organizations to rely on a combination of transport services. The increasing use of SD-WAN for connecting enterprise networks improves productivity, reduces cost, and increases application performance.  

It is a feature-packed technology that centralizes security, management, networking, and more. Consequently, organizations with cloud solutions view SD-WAN as an infrastructure upgrade to operations. 

Wrong Approaches

A frequent occurrence with businesses is the focus on individual technical elements. Unfortunately, many such enterprises fail to realize the need to address end-to-end solutions.

Selection should encompass all available approaches, with the choice that best suits the company’s needs, budget, and savviness. Another aspect to consider is the fact that IT teams often fixate on price. Unfortunately, most of them misinterpret prices, opting for cheaper options that result in poor network performance.

Such organizations often soon encounter issues with high latency, prolonged downtimes, less supportive service-level agreements, and more. As enticing as cost savings can appear, ensure they never pose a serious risk to your network connectivity or SD-WAN designs.

Responding to this Challenge:

  • Ensure that all choices and approaches produce maximum results for the company’s network. 
  • Consider platforms with built-in cloud and security vendor access for appliances. 
  • Prioritize necessary performance features over novel ones.
  • Technology evolves at a rapid pace, so plan accordingly with future long-term growth in mind.

Overlooking the Quality of Service (QoS) Concept for SD-WAN

One attribute that should never get overlooked is the QoS. An equally important aspect is the quality of experience. However, SD-WAN service providers never seem to offer end-to-end prioritization. Although SD-WAN provides efficient traffic segmentation and path selection, traffic movement often gets delayed. Therefore, seeking an SD-WAN approach with ‘fail safe’ technology features is crucial.

These options must offer superior performance to MPLS across all applications. MPLS itself comes with end-to-end QoS via six settings for service-level categories, though also with delayed traffic movement.  

Responding to this Challenge:

  • Never compromise on the quality of service and quality of experience with network connectivity.  
  • Be sure to purchase local site-by-site internet underlay with low-cost service that provides high QoS and QoE along with various available features.
  • Consult with experts to get the best-customized recommendations.

SD-WAN Security Requirements

Some SD-WAN technology lacks security capabilities. Unfortunately, these security lapses often open the door to cyber threats. 

For instance, there’s usually an edge security change with SD-WAN features such as virtual private network (VPN) deployment. In other scenarios, data get transferred with every migration to cloud solutions. Therefore, deploying hardware and virtualized instances with accessed security policies still comes with risks.

Responding to this Challenge:

  • Organizations should take time to research all vendor claims and ensure all security functions meet company criteria.
  • Strategize the integration of cyber security and networking solutions instead of separating the two. 
  • Make it a habit to add new layers of security systems where and when necessary. 
  • Try integrating existing security with SD-WAN solutions. 

SD-WAN Management Issues

Today’s SD-WAN solutions help to blur the lines between DIY and the type of management structure in place. Organizations never get to pick the management level traditionally. One of the drawbacks of the SD-WAN model is that it breaks most businesses’ existing centralized security inspections.  

Organizations often build hub network architectures designed around the consolidation of data streams. The idea is to backhaul traffic through a centralized channel into data centers. Firewalls are used to create single security inspection points so that packets get examined before making it into the data center. The presence of an SD-WAN architecture makes this method ineffective.

By default, SD-WAN solutions lack integrated security that allows routing all traffic through a full security stack for inspection. There’s also the task of threat prevention before proceeding to its destination.

With SD-WAN, lots of traffic moves outside the data center perimeter. As such, connections to the cloud from external sources like remote workers never go through the traditional inspection process.

The outcome for organizations is a forced decision. They have the choice of forgoing the benefits of SD-WAN by backhauling traffic to the data center for inspection, or simply not securing traffic on the WAN at all. 

Responding to this Challenge:

  • Give the required training to the IT team and staff members  
  • Get dedicated staff that can oversee the end-to-end SD-WAN implementation 
  • Infuse post-implementation monitoring and management into the company’s activity. 

Cloud Connectivity Requirements

When it comes to selecting SD-WAN projects, vendors and the IT team require cloud connectivity to either AWS, Google, or Microsoft Azure. Therefore, SD-WAN vendors typically belong to one of three categories based on their cloud access capabilities. 

  • Native Cloud Access: This category includes built-in access to the vendor’s SD-WAN architecture. It involves using the cloud’s backbone infrastructure for connecting to branch office sites. For vendors that adopt the cloud as a global backbone, this is an everyday occurrence. However, this option is better for connecting to local cloud data centers since the deployment of cloud gateway architecture is a unique system.
  • Vendor Access Provision: This category entails vendors delivering SD-WAN appliances to a cloud environment through public gateways or private backbones. Such an option comes with more flexibility regarding vendor features. Public gateways and private backbones route traffic more efficiently than the Internet.
  • Customer Access Provision: With this option, the customer is responsible for deploying the appliances in the local cloud-based data center. This option offers cloud access in a more ad hoc and simplified architecture.

Responding to this Challenge:

  • Normalize analyzing deployment needs and internal application performance. 
  • After implementation, monitor application performance. It ensures that the business takes timely actions and prevents any form of disruption. 
  • It’s crucial to decide the bandwidth requirements and latency policies in a multi-cloud environment. An excellent way to achieve this is by evaluating service dependency on several micro-service segments.

These shortcomings aside, SD-WAN offers numerous benefits for organizations  looking to optimize and transform their corporate networks.

Cutting Through the Hype of Securing the Zero Trust Edge

What is Zero Trust?

Zero trust is a strategic approach requiring all network users to be authenticated, authorized, and regularly validated. The framework covers the internal and external users of an organization’s network.  

As a cybersecurity concept, it requires full awareness of security policy based on established contexts rather than assumptions. A well-defined zero trust architecture results in simpler network infrastructure, improved defense mechanisms, and a better user experience.  

How Does Zero Trust Work?

Zero trust assumes there is no traditional network edge, whether the network is local, in the cloud, or hybrid. Its maxim is to always verify, and trust no user or device.

The core philosophy of zero trust security is to presume that every user or device is hostile by default. As a model, it responds to the fact that the perimeter security approach isn’t 100% secure. The ability of cyber criminals to breach data even with corporate firewalls is enough proof. Users also access networks from different devices and locations, making it harder to clearly define perimeters while increasing the risk of security breaches.

The approach zero trust uses is to treat all traffic as hostile. For instance, workloads get validated by a set of attributes before they can communicate. It also involves using fingerprint or identity-based validation policies to attain stronger security.

Zero trust draws on technologies, calls on governance policies, and uses push notifications for effective security. Since protection is environment-agnostic, zero trust secures applications. Moreover, it securely connects devices and users via business policies over any network. That way, it can enable a safe digital transformation.

Why is Zero Trust Important?

The primary reason for introducing zero trust is to reduce risks. However, it also helps to manage risks associated with remote work, insider threats, and third-party and cloud security.

Zero trust protects organizations in various ways, including:

  • Giving visibility to potential threats while improving proactive remediation and response.
  • Preventing cyber threats like malware from gaining network access. 
  • Simplifying the management of security operations centers through enhanced automation. 

The Benefits of a Zero Trust Edge

The cloud environment is a highly attractive opportunity for cyber actors to steal troves of sensitive data, financial information, and intellectual property.  

While no security strategy offers a perfect solution to data breaches, zero trust helps reduce the attack surface and the severity of cybercrimes. This includes the reduced cost and time spent responding to breaches.

The approach of not trusting any connection without the necessary verification is a crucial factor. Furthermore, companies deal with many clouds, data sprawl, and endpoints, making it only logical to adopt a system that guarantees security.

Other highlighted benefits include:  

  • Reducing the reliance on point solutions designed to detect and stop threat activity. 
  • Limiting possible avenues for data exfiltration. 
  • Enhancing the authority and use of authentication.
  • Reducing the lateral movement of attackers within an organization.
  • A sneak peek into all user activity
  • It offers improvements in both on-premises and cloud-based security posture.  

Cutting Through the Zero Trust Hype

There’s no doubt that zero trust architecture gives a new face to trusted network-defining perimeters. However, it remains a theoretical concept in practice for many establishments. 

The challenge for these organizations becomes looking beyond the buzzwords of vendors. They need to put the possible outcomes of any security technology into consideration. One major point to note is that the designs of security solutions follow core principles. The zero trust edge security model also has principles that need evaluation before its adoption. 

According to Forrester’s research, the Zero Trust concept focuses on the integrated, dynamic ecosystem of security capabilities and technologies. Simply put, the principles highlight three areas: access denial to applications and data by default, threat prevention by granting access to networks utilizing continuous and contextual organization policy, and risk-based verification across users and their associated devices.

Any establishment wishing to integrate the zero trust model must consider certain parameters such as:

Internal Applications

Zero trust implementation is impossible for an application that lacks micro-perimeter compatibility or Application Programming Interface (API) support for automation. Also, adding new security parameters to existing applications to make them zero trust-aware may not work. Furthermore, it may lead to an existing application’s inability to accommodate a zero trust model.

What becomes obtainable is a good level of reliance on custom applications, while determining the effort and potential cost required.

Transformation in the Digital Sphere

Adopting the zero trust edge security model could be challenging for organizations using Cloud, DevOps, IoT, and IIoT. These applications do not inherently support the zero trust model. One reason is that they require additional technology to enforce or segment the model. In addition, a straight migration of a raised floor to the cloud discourages zero trust integration. Nonetheless, to bypass this challenge, organizations must develop new cloud applications as a service. That way, it will embrace the zero trust architecture.  

Legacy Infrastructure

Some legacy infrastructure and network devices lack authentication models for modifications to contextual usage. It is the very reason they can’t be zero trust edge aware. In addition, all zero trust implementations require a layered approach to enable systems. 

Organizations must weigh their options carefully before venturing into a zero trust architecture. Monitoring behavior within a non-compatible application comes with limitations: they only get to monitor external interactions of the legacy device. On the flip side, having an accurate infrastructure inventory comes with benefits. Zero trust expects that administrators have a handle on all corporate infrastructure, from users to devices, data, applications, and services. It also requires knowing where these resources reside. With all these in place, center administrators possess the power to detect and respond to cybersecurity threats promptly.

The best way to approach the zero trust architecture is to conduct a thorough investigation. IT and security teams need to ensure that the network technologies of the organizations comply with the architecture. Trust models work strictly on keys or passwords with no dynamic models for authentication modifications.  

Security teams also need to navigate through the aggressive claims of vendors, extensively testing products against their use cases and ensuring product verification is top-notch for integration without creating vulnerabilities.

If Only They Had a NAC…Understanding the Cisco Hack

Cisco recently confirmed they were the victim of a data breach in which hackers were able to steal 2.8 GB of data. Although these breaches are nothing new (SolarWinds, Credit Suisse, Twitter, the list goes on…) the Cisco breach is especially concerning because many organizations rely on Cisco products to keep their networks safe.   

What Happened?

The hackers were able to successfully compromise an employee’s personal Google account.  Since the employee had enabled password syncing via Chrome and had saved their Cisco credentials in their work browser, once the account was compromised the hackers had the first bit of information they needed to break in.   

MFA Fatigue & Vishing

Of course, Cisco has MFA (multi-factor authentication) set up for VPN access, so the hackers then used a combination of MFA Fatigue and Vishing (Voice Phishing) attacks to get the employee to accept a push notification. MFA Fatigue is when they spam your device with push requests to allow access; if you’ve ever accidentally clicked “OK” when you meant to click “Cancel”, you know how easy it can be to get it wrong, and it only takes once. And if you didn’t know beforehand that this was a method hackers use to break into a VPN… you might just assume it was a glitch, press OK and move on.

Vishing is when someone calls you and pretends to be from a legitimate business entity to get you to give up personal and/or financial details. Your first thought is likely to be “I would never fall for that”, but these bad actors have plenty of information stored on you to convince you that they’re really calling from where they say they are. Such tactics often include number spoofing to impersonate your bank or corporate office, to confirm details like your credit card number and the last four digits of your SSN. Everyone has a story of a “near miss” when they almost clicked on a suspicious link or answered some questions they shouldn’t – it only takes one moment of being too trusting.
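The push-spam pattern described in this section leaves a recognisable trace in MFA push logs. The following is an added detection example, not code from the original post or any vendor: it flags a burst of rejected or ignored prompts for one user and escalates if an approval lands while the burst is still fresh. The event format, the 10-minute window and the threshold of five are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed number of rejected prompts that is abnormal

# Constructed sample events: (ISO timestamp, user, push result)
SAMPLE_EVENTS = [
    ("2022-08-10T02:11:05", "bob", "denied"),
    ("2022-08-10T02:11:40", "bob", "timeout"),
    ("2022-08-10T02:12:10", "bob", "denied"),
    ("2022-08-10T02:13:02", "bob", "timeout"),
    ("2022-08-10T02:13:55", "bob", "denied"),
    ("2022-08-10T02:15:20", "bob", "timeout"),
    ("2022-08-10T02:17:31", "bob", "approved"),    # gives in after the burst
    ("2022-08-10T08:00:00", "dave", "denied"),     # five rejections, but hours apart
    ("2022-08-10T08:30:00", "dave", "denied"),
    ("2022-08-10T09:00:00", "alice", "approved"),  # ordinary login
    ("2022-08-10T09:00:30", "dave", "denied"),
    ("2022-08-10T09:30:00", "dave", "denied"),
    ("2022-08-10T10:00:00", "dave", "denied"),
    ("2022-08-10T14:00:00", "carol", "denied"),    # fat-fingered twice, then approved
    ("2022-08-10T14:00:30", "carol", "denied"),
    ("2022-08-10T14:01:00", "carol", "approved"),
]


def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for bursts of rejected MFA pushes, and for approvals that follow one."""
    rejected = defaultdict(deque)    # user -> timestamps of recent denied/timeout prompts
    alerts = []
    for raw_ts, user, result in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        recent = rejected[user]
        while recent and ts - recent[0] > window:    # drop prompts older than the window
            recent.popleft()

        if result in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == threshold:             # alert once, as the burst crosses the line
                alerts.append({"user": user, "time": raw_ts, "severity": "warning",
                               "rejected_pushes": len(recent)})
        elif result == "approved":
            if len(recent) >= threshold:             # approval right after a burst
                alerts.append({"user": user, "time": raw_ts, "severity": "critical",
                               "rejected_pushes": len(recent)})
            recent.clear()                           # a completed login resets the count
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A critical alert is the case worth acting on immediately: the session it created can be revoked and the user contacted before the account is used further.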

And Then…

From there the hackers went on a whirlwind tour of expanding the systems they could access until they reached a domain controller, downloading all the user data, enrolling other devices for VPN access, creating a new user just called “Z” and adding them to the local administrators group, and installing other hacking and access tools like TeamViewer, LogMeIn, Cobalt Strike, and more.  

There is an excellent, detailed write-up here for those interested in a deep dive.   

Could a NAC Have Stopped it?

Is there a tool that could have prevented this from happening?  If you had a robust NAC solution like Portnox NAC-as-a-Service, would you be safe from this kind of attack?  The answer is absolutely, without a doubt…maybe. 

ZTNA (Zero-Trust Network Access) is a term that gets thrown around a lot, but this is a perfect example of why it’s so important. It boils down to this: your network should never trust that you are who you say you are. Many people think of VPNs as totally safe, and you’ve probably rolled your eyes a time or two when you had to go through the extra MFA step, but when it comes down to it, you don’t want to trust just any device accessing your network, even if the user account is valid (because as we know from the Cisco example, sometimes it simply isn’t).

So, the best way to prevent a compromised account from accessing your network is to make sure access is limited to only people AND devices you trust. 

Without a VPN, this is easy – you can use the MAC address of the device to verify it and block anything that is using an unknown MAC even if the user credentials are valid. When you introduce a VPN, though, it becomes a little trickier, because VPNs use a ‘virtual’ network interface with a completely made-up MAC address. 

The best way to accomplish true ZTNA is via user account and certificate validation. Certificate-based authentication is the use of a digital certificate to identify a device before granting access to a network resource (versus granting access to any device when a user account is valid). Certificates are stored on a specific device, signed by a trusted root certificate authority, and are only good for a set amount of time. Your NAC checks that the certificate is valid and properly signed when you try to log in, thus verifying both the user account and the device. While certificate-based authentication is certainly not new, it is gaining popularity because it closes the gaps left by purely password-based authentication.

There is also a possibility of using ComputerName as a RADIUS Attribute, but the device needs to support additional RADIUS attributes and not all of them do.  If your network is comprised of hardware from several different vendors, certificates are the way to go when you need your solution to be truly vendor agnostic.   

Users are always the biggest threat to network security, and at the end of the day most of our tools are designed to save us from the people who also need access to internal resources to keep us running.   

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

You Were the Victim of a Data Breach. Now What?

A data breach is something every individual and organization needs to avoid. Unfortunately, it has become all too common  in today’s online world. One major way that personal information becomes compromised is through identity theft. It’s better not to imagine the extent of damage that goes along with that.  

 In this highly-connected world, cybersecurity is continuously increasing in scope and size.  

For one, consumers want to conduct business with enterprises capable of keeping hackers away. As a result, it becomes necessary to put a response plan in place against data breaches. The question, therefore, is how do you prevent or respond to a data breach?

What is a Data Breach?

A data breach occurs when an organization suffers a security incident that affects the confidentiality, availability, or integrity of its data. Consequently, the rights and freedoms of individuals become compromised. 

Data breaches strike every industry, sector, and individual. For individuals, the cost is often personal financial damage to investment funds, salaries, or savings. On the other hand, corporations often spend hundreds of thousands or millions of dollars to repair systems, improve defenses, and more.

How Do Data Breaches Happen?

 Compromised credentials are the most common method  cyber attackers use to enter a database. The approach accounts for 20% of data breaches.  

Most affected credentials include passwords and usernames obtained through a different security incident. Various attack methods come into play in these data breaches, including brute-force attacks, Magecart attacks, phishing and more. A breach could also result from an insider, negligence, or business email compromise (BEC).

For an inside threat, the attackers first conduct surveillance, then map out a network for the most valuable resources, before targeting a potential pathway to infiltrate the systems.  

 Financial motivations are the reason for most inside attacks. Some employees jump at it when they get tempting offers to make extra money. The outcome is your information changing hands.  

Types of Data Breaches

A data breach is also great at ruining a brand and not just your revenue. For individuals to remain safe, knowledge of the common types of breaches is a must. You also need to know how each one affects you. So, here is a list.

  • Malware or Virus: The goal of this threat is to wipe  information from a computer. For companies that heavily rely on data, this is always a heavy blow.  
  • Password Guessing: Stolen passwords all too often result in extreme damage. Passwords are typically hacked because they are simple and easily guessable. Prime examples include passwords derived from people’s names, pet names, or birthdays.
  • Ransomware: As the name suggests, this occurs when you must pay a ransom to regain access to your phone or computer.
  • Phishing: Phishing involves the mirroring of a website with a fake duplicate that can highly resemble the original. When you unknowingly log into the site, the attackers steal your password to conduct  their criminal activities.  

How to Detect a Data Breach

As data breaches become inevitable, detection is becoming an increasingly important initiative. At this rate, cybersecurity has become an essential investment for individuals and organizations. We all need to understand who is vulnerable to data breaches and how to detect and respond to them.  

Data breach detection is not always easy. It often involves an intelligent Data Security Platform, especially in the case of large companies.  Their tools help to  provide speed and precision when mitigating damages. 

Nevertheless, there are always warning signs that indicate when your system has experienced a data breach. Here are red flags you need to investigate:

  • Sudden user account lockouts or password changes.  
  • Strange user activity such as logging in at irregular times from unknown locations. 
  • Unusual pop-ups, redirections, or changes to browser configuration. 
  • Unusual activity on network ports 
  • Strange messages sent from your accounts by email or social media
  • Strange configuration changes without an approval 

Effects of Data Breaches

Irrespective of the size, a data breach can destroy a business. For example, 60% of small businesses often shut down within six months after an attack.  These occurrences can stem from multiple factors including:  

  • Poisoned Corporate Brand: Data breaches have a way of tainting a business reputation, the effects of which can linger long after the incident.
  • Loss of Sales: Reputational damage can lead to a loss of customers and  sharp drops in revenue due to drops in customer trust. 
  • Loss of Intellectual Property: Intellectual property constitutes over 80 percent of a company’s value today.  Losing intellectual property can threaten the future of the company and also leaves it vulnerable. In some instances, some competing businesses will even take advantage of stolen information for their own gain. 

How to Develop a Data Breach Response Plan

Have an Incident Response Checklist 

Having an incident response checklist for data breaches can provide guidance for what to do during breach scenarios. It contains outlined tasks to carry out so that everyone knows exactly what to do. However, the checklist should be flexible to allow adjustments for evolving threats.

Be Informed about Laws and Regulations 

Regular government policy changes are often a headache for SME businesses. Because of the rise in cybercrime, governments and agencies constantly change regulations on data protection. Be sure to keep tabs on these changes and adapt to new laws. 

Review New Cyber Threats 

Never take the news of a data breach for granted. It’s important to consistently review new security risks as these provide highly valuable insights.  

Identify Data Security Platforms 

In case of a security breach, contacting a forensic service provider is safe. They are highly skilled at investigating the cause and impact of an attack. It is best to have the contact for one beforehand rather than waiting for a crisis to find one.  

Steps to Take After a Data Breach

1.  Identify the Source and Extent of Damage

The first thing to do about any cyber attack is to identify the source. You also need to identify the type and the extent of the damage. It is a time-consuming process when operating without a prevention system. 

2. Having an Intrusion Prevention System (IPS)

An IPS automatically logs the security event for you, tracks down the source and identifies the affected files when in use. You can also gain insight into the particular actions taken by the threat actor.

3.  Inform your Forensic Service Provider

You need to have a structure in place for addressing security emergencies. If you have a team, have them swing into action immediately. Remember your checklist and let them follow the procedure for resolving the issue. If it is an inside threat, revoke the account’s privileges and change the password. Should you not have an in-house team, inform your security service provider to tackle the problem.

4.  Test your Security Fix

Once the issue gets resolved, implement a short-term security fix to prevent future occurrences. Don’t forget to also test any security fix so that attackers cannot use the same method again. Be sure to conduct the test on all computers and servers.

5.  Inform Authorities and Affected Customers

Customers need to be informed about a breach of their personal data so they can take personal measures to protect their identities, such as canceling credit cards and setting up two-factor authentication if available. Informing customers requires three critical factors: time, information, and thoroughness. Be sure to communicate honestly and openly where necessary and provide step-by-step guides for them to protect themselves. In addition, contact authorities about the breach. The government and security agencies provide post-breach regulatory standards for every industry.

6.  Prepare a Clean Up and Damage Control

The loss of customer confidence is another devastating effect of data breaches. They tend to be more cautious with any organization after a breach. When you fix all breach-related issues, quickly pivot and work on restoring public trust.  

Final Thoughts on Data Breaches

There is no single method for responding to a data breach. Data breaches often require a case-by-case approach along with a thorough risk assessment to determine the best course of action. The extent of damage and nature of the breach will determine the precise steps needed. The response team may work with additional staff or external experts such as IT specialists or data forensics experts. While a data breach can undoubtedly be a nerve-wracking event, the first rule is always prevention, and having a sound response plan can help put the mind at ease.

Portnox & Cisco Meraki: Better Together When Securing & Controlling Access for Cloud Managed IT

The Challenge

Digital transformation is engulfing enterprise IT, with many legacy solutions migrating to the cloud. Paired with the Bring-Your-Own-Device (BYOD), Internet of Things (IoT), cloud adoption and mobile workforce trends, CISOs, network admins and IT teams are faced with new and complex challenges in securing their risk-based perimeter. As that perimeter extends off campus to remote environments, the need arises for convenient access that will encourage productivity and increase efficiency, while enforcing security policies and controlling exposure to emerging cyber threats.  

Access Control Meets Cloud Managed IT

The Cisco Meraki and Portnox NAC-as-a-Service partnership helps enterprises realize the potential of cloud managed IT by providing complete visibility, control and management capabilities for network access. As enterprises begin to implement digital transformation through BYOD, the Internet of Things, the mobile workforce and cloud infrastructure, pervasive security tools are required to ensure that access is secured across the risk-based perimeter.

Together, Meraki and Portnox provide mid-market organizations and enterprises with the cloud and compliance infrastructure they need to embrace the benefits of digital transformation, while securing, controlling and appropriately managing access across all network endpoints.  

Quick and easy deployment, low operational costs and flexible on-boarding of network endpoints make the Meraki-Portnox collaboration an essential security tool for the innovative enterprise.

The Key Features of Our Joint Offering

  • Enhanced Security: Secure access in all locations and at all times for wired, wireless, and VPN access. 802.1x provides top-notch user authentication, adding a layer of multi-factor authentication (MFA) to VPN. 
  • Full Visibility: Achieve full visibility into all network endpoints, from operating systems through to open ports and onto running applications. Carry out persistent posture assessments on devices and determine their level of access based on a machine learning devised risk score.  
  • Zero-Touch Deployment: Start controlling network access today with a pre-deployed and integrated environment including certification authority (CA), RADIUS, user databases and more.  
  • Complete Control Over Access: Discover all network endpoints and authorize access regardless of the endpoint’s credential validity to allow for gradual deployment of 802.1x access protection.  
  • Flexible On-Boarding: Add devices to wired/wireless networks based on a variety of pre-defined or unique parameters, as well as an option for secured persistent access for contractors and guests.  
  • Deep Dive into Devices: Gain context on the devices connecting to your network to better understand their level of risk including information on installed applications, services, certificates, users, open ports and user locations. 
  • Widen Switch Support: The joint solution supports 802.1X, certificate, domain and MAC authentication, as well as group-based dynamic VLAN assignments. 
  • Move from CAPEX to OPEX: Turn the capital expenditure you continually invest in maintaining legacy security solutions into operational expenditure that is based on level of need and degree of service use.
  • Compliance Compatible: Easily implement compliance directives and automate policy management and enforcement across the network.
  • Stable and Secure Enterprise Grade Solution: With a highly available yet secured RADIUS Server, as well as agent support for all platforms, ensure business continuity no matter the circumstances. 
  • Support for MSP/MSSP Model: Service providers can easily manage their existing subscriptions together with Portnox, making the solution part of their repertoire of services, including rebranding options as needed.

Portnox-Meraki Use Cases

Portnox and Meraki’s joint offering is great news for network security, access and control. Here’s how the solutions work together, providing benefits that are made possible by joining forces: 

  • Persistent risk assessment of employee and contractor workstations to devise a network access control policy based on usage, location and a number of other endpoint characteristics.
  • Perform risk assessments and provide access through a one-time password when accessing over the VPN. 
  • Simply control network segmentation based on VLAN assignment and Active Directory Groups. 
  • Certificate-based authentication across the entire enterprise – ideal for a multi-site environment. 
  • Allow for sponsored guest access, making it easier for guests and contractors to access what they need on the network, while controlling the method and scope of access permissions based on endpoint compliance and risk score.  
