Device Authority Adds Key Features to KeyScaler for IoT Security
Device Authority, a global leader in Identity and Access Management (IAM) for the Internet of Things (IoT), today announces the latest update of its IoT security platform. One of the first products to deliver password management and Public Key Infrastructure (PKI) certificates to devices without human intervention, KeyScalerâ„¢ version 5.5 is set to dramatically streamline and strengthen the ways in which organizations secure their connected devices.
KeyScaler is Device Authority’s flagship integrated IoT security platform that combines secure device registration and provisioning, credential management and end to end policy-driven encryption. This enables organizations to manage the security of the IoT ecosystems both at scale and through periods of rapid growth.
Version 5.5 introduces unique Automated Password Management (APM) technology to tackle the real-world challenges organisations are facing today with cyber attacks involving connected devices. In 2016, 63% of data breach incidents were related to weak credentials, and recent large scale attacks Mirai and BrickerBot used weak credentials as their exploit vector. Notably, the video surveillance market has experienced the consequences with cameras being compromised. KeyScaler’s APM reduces the headache and removes the associated human risks of manually updating credentials on hundreds or thousands of IoT devices. (Read More)
The NSA’s Inadvertent Role in the Major Cyberattack on Ukraine
One of the NSA’s beyond–top secret hacking tools has been stolen and while the ensuing damage falls far short of an unauthorized nuclear strike, the thieves have wreaked cybermayhem around the world.
The mayhem was committed by a group called the Shadow Brokers, which in April announced that it had acquired the NSA tool (known as Eternal Blue) and published its exploit code online for any and all hackers to copy. In May, some entity—widely believed to be North Koreans—used the the exploit code to develop some malware, which became known as WannaCry, and launched a massive ransomware attack, which shut down 200,000 computers, including those of many hospitals and other critical facilities.
Then on June 27 came this latest attack, which was launched by the Shadow Brokers themselves. This struck some security analysts as odd, for two reasons. First, the Shadow Brokers are believed to be members of—or criminal hackers affiliated with—a Russian intelligence agency, and Russians tend not to hack for mere cash. Second, the attack was slipshod: The ransoms were to be paid to a single email address, which security experts shut down in short order. If the Russians had decided to indulge in this mischief for money, it was a shock that they did it so poorly.
Now, however, several cybersecurity analysts are convinced that the ransomware was a brief ploy to distract attention from a devastating cyberattack on the infrastructure of Ukraine, through a prominent but vulnerable financial server. (Read More)
How to turn Cybersecurity into a Business Asset
World-class organizations recognize that cybersecurity can, and should, be a powerful enabler for business: they align their cybersecurity strategy with corporate strategy, they support it with the right culture and technology, they accurately measure its performance, and they understand that performance in terms of business value and return on investment.
What they don’t do is adopt an imprecise, one-size-fits-all approach to cybersecurity that fails to properly mitigate the risks it claims to address, like that imposed by the Investigatory Powers Act (IPA) and the recent calls by Amber Rudd to outlaw strong encryption. These high-cost, outdated sledgehammers that claim to regulate and improve surveillance capabilities not only fail to improve security, they erode the privacy and security of innocent citizens and businesses.
Organizations that want to turn cybersecurity into a business asset can learn from the failings of successive Government attempts to successfully legislate against cybersecurity risks. As I see it, there are four key pillars of effective cybersecurity strategy that enables a business to operate securely and successfully.(Read More)