Technology

Related News

Common Viruses And Signs You Need To Take Action

  • Yackulic Khristopher
  • Published date: 2021-06-23 06:53:43

Even though many Mac users long believed their computers were at less of a risk of viruses than others, that doesn’t mean they can’t get them at all. In fact, people who have owned both Windows and Mac computers have found themselves the victim of vicious mal…


GPS III's Long Journey Is Picking Up Speed

  • Published date: 2021-06-23 06:26:00

I've devoted a significant fraction of my computer science career trying to improve 'memory safety' in computer systems, and I believe that this particular article below (including its figures) is perhaps the best set of arguments I've ever seen for using a t…

Forum on Risks to the Public in Computers and Related Systems. ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator. Please try the URL privacy information feature enabled by cl…

Risks Digest 32.72

  • Published date: 2021-06-23 05:21:12

Posted by RISKS List Owner on Jun 22 RISKS-LIST: Risks-Forum Digest Tuesday 22 June 2021 Volume 32 : Issue 72 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for…

RISKS Forum mailing list archives Risks Digest 32.72 From: RISKS List Owner <risko () csl sri com> Date: Tue, 22 Jun 2021 22:05:05 PDT RISKS-LIST: Risks-Forum Digest Tuesday 22 June 2021 Vol…

From books to biometrics: Jeff Bezos’ lasting footprint on security

  • Ben Goodman
  • Published date: 2021-06-23 00:00:00


<div class="body gsd-paywall article-body"><p>When Jeff Bezos announced his plan to step down as Amazon’s CEO, tech leaders across the world paused to reflect on the impact Bezos made not only on e-commerce, but also on technology and the e-commerce industry at large. Amazon has set the standard for user experiences and redefined consumer expectations, most notably through reimagining delivery and cost-savings strategies through price comparison tools and subscription-based services. Perhaps less obvious, but just as important, is the superior customer experience Amazon has built around customer identity by making it nearly invisible to consumers, all without compromising security. </p><h3><strong>How Amazon set the standard in e-commerce for consumers </strong></h3><p>Online and mobile shopping have been transformed by Amazon in myriad ways. First, the user experience is completely intuitive, easy to use, and seamless. Amazon rarely asks users to re-enter their passwords before making a purchase, and it even offers a “buy now” button for an express buyer experience. Yet creating this level of buyer ease requires significant behind-the-scenes work. </p> <p>Companies like Amazon use mature and robust behavioral analysis technology to create an unmatched, frictionless customer experience that many e-commerce brands strive to replicate, without sacrificing security. For example, artificial intelligence (AI) and machine learning (ML) are used to monitor consumer behavior to ensure customers are who they say they are, looking at data inputs like previous purchase history, how long users browse before buying, and how users scroll on their phone screens to ensure that it’s <em>them </em>making the purchase. 
Because every user and every transaction is evaluated independently, Amazon can identify behavioral patterns that indicate probable fraud and then introduce friction in the buying process to further prevent it. Most importantly, this back-end security and customization only enhances the user experience, eliminating the hassle that comes with customers having to remember and update their password. </p><p>Amazon and the tech industry at large have trained people to expect this level of immediacy and access -- it’s no longer a nice-to-have, but a must-have. Users want a never-log-in-again future, and it’s possible today. Seamless digital experiences have already become part of the fabric of the internet, and in a few decades, younger generations will look at usernames and passwords like the current generation looks at floppy disks, a relic of a bygone technology era. </p><h3><strong>The problem with passwords</strong></h3><p>While the same technology that enables a great customer experience can also proactively detect and mitigate things like fraud to save companies millions, there is a weak link -- passwords.</p> <p>Successfully managing dozens or more usernames and passwords to log in is an impossibility for even the most tech-savvy people. To cope, most people default to easily guessed passwords or they reuse them, making all systems only as secure as the weakest one. One hacked password is used over and over to attack other systems. As a result, <a href="https://www.businesswire.com/news/home/20200305005188/en/Forty-Two-Percent-of-IT-and-Security-Managers-Say-Their-Organizations-Have-Been-Breached-as-a-Result-of-User-Password-Compromise-According-to-Enterprise-Management-Associates-Research" target="_blank">passwords are the leading attack vector used in data breaches</a>, and moreover they create a poor user experience that drives customers away or causes workforce productivity to drop. 
In fact, on average, <a href="https://www.forgerock.com/resources/view/116529047/whitepaper/reduce-call-volume-and-support-costs-with-intelligent-self-service.pdf" target="_blank">75% of e-commerce shopping carts are abandoned</a>, costing retailers more than $18 billion a year. </p><h3><strong>The power of behavioral data</strong></h3><p>Today, most mobile devices are full of technologies, including sensors, cameras, and GPS, that capture behavioral patterns, which can be used to define normal behavior for a specific user. Specific, often unconscious actions like how a person holds their phone, types on their keyboard, or moves their mouse can help identify individual human activity. Bots often show irregularities by navigating websites in a very distinct way, moving from the homepage to their objective within seconds. Obviously, bots also can’t physically hold a phone, so there is little activity with phone sensors, which is another key identifier of suspicious behavior.</p><p>While all of this behavioral analysis is ambiently occurring in the background, users have little to no visibility into how this works or ultimately how this impacts their experience, making a security system like Amazon’s nearly invisible and therefore deeply valuable. A growing number of companies are leveraging these concepts to democratize the type of behavioral analysis to which a company like Amazon has access. </p> <h3><strong>Making the move toward biometric authentication</strong></h3><p>While behavioral and biometric data is a powerful tool for companies seeking to offer the highest levels of security to users, how companies manage that data is the final puzzle piece in mitigating breaches and creating a more secure future for account authentication. 
By deploying a distributed authentication process that allows user data to remain on each device, rather than uploading it to a main central server where it provides an attractive target for bad actors, enterprises complicate traditional attack methods that seek to gain entry into a company’s central server to extract desired data. </p><p>Instead, each step of the authentication process requires a specific key that is unique to each device. This key is used instead of a username and password to authenticate to the platform the user is trying to access. This technology almost works like magic, providing a streamlined yet secure experience for the appropriate user while introducing digital speed bumps for bad actors. This distributed security approach also significantly increases barriers for cybercriminals. Without a central trove of passwords to attack, hackers would have to compromise credentials on each individual device, which is much more difficult, time consuming, and ultimately much less successful for hackers. </p><p>Ultimately, behavioral biometrics offer a powerful tool for companies seeking to streamline user experience while increasing security measures using technology and tools that are already accessible through devices. The benefits of this technology, progressed most obviously by Amazon, are significant for both consumers and businesses alike. So, while many of those discussing Jeff Bezos’ impact on the world view his legacy as creating a powerful, unprecedented e-commerce machine, it’s the underpinnings of that machine -- advances in biometrics and authentication -- that have been a quiet enabler of Amazon’s dominance and transformed how companies embrace offering the best user experience without compromising security.</p></div>

Hexnode Announces Keynote Speakers for HexCon21, Selects Earlier Date for Global User Conference

  • Published date: 2021-06-22 18:00:00

SAN FRANCISCO, June 22, 2021 /PRNewswire/ -- Hexnode, a leading Unified Endpoint Management (UEM) solution company, announces today their annual global user conference HexCon21 will be held at an earlier date than last year's early-December conference. This y…


BEC Losses Top $1.8B as Tactics Evolve

  • Becky Bracken
  • Published date: 2021-06-22 16:41:00

BEC attacks are getting more dangerous, and smart users are the ones who can stop them.

<div class="c-article__content js-reading-content"> <p>Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organizations with these types of attacks last year alone — and things are getting worse.</p> <p>BEC attacks are carried out by cybercriminals either impersonating someone inside an organization, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020, and reminded the security community that in addition to technology, smart users armed with a healthy skepticism of outside communications and the right questions to ask are the best line of defense.</p> <p>“The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop,” the report said.</p> <p>It’s easy to get hung up on the splashy breaches of major global companies. But the true revenue is being generated by smaller <a href="https://blog.talosintelligence.com/2021/06/business-email-compromise.html" target="_blank" rel="noopener">BEC attacks</a>, the report said.</p> <p>“Although a lot of attention gets paid to more destructive and aggressive threats like big-game hunting, it’s BEC that generates astronomical revenue without much of the law-enforcement attention these other groups have to contend with,” the report explained. 
“If anything, the likelihood of this has only increased in the pandemic, with people relying more and more on digital communication.”</p> <h2><strong>Most Dangerous BEC Attacks in 2020 </strong></h2> <p>Gift card lures are by far the most popular in BEC attacks, Cisco Talos said. Most often, these emails will come from a free service like Gmail, Yahoo or Outlook and will appear to be coming from someone important within the organization. The emails will often wrap a sad story or hardship into the request and will try to get the victim to purchase Amazon, Google Play, iTunes, PlayStation or other common varieties of gift card.</p> <div id="attachment_167145" style="width: 1034px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-167145" loading="lazy" class="wp-image-167145 size-large" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/22161523/BEC-lure-1-1024x290.png" alt="" width="1024" height="290"><p id="caption-attachment-167145" class="wp-caption-text">Source: Cisco Talos.</p></div> <p>If these scams sound like the classic “Nigerian Prince” emails of yesteryear, these phishing lures are similar with one specific distinction: The BEC emails are targeted at individuals, usually those with email addresses published on a website or other company materials.</p> <p>“The amount of and types of businesses that get targeted with these attacks is truly staggering, ranging from huge multinational corporations down to small mom-and-pop restaurants in U.S. cities,” Talos said. “We found examples of small restaurants that are being targeted by impersonating the owners, since the information was available on their website.”</p> <p>COVID-19 became a popular theme for some of the more despicable attackers. 
Some asked for gift cards for children orphaned by the pandemic, while another group, in a gross attempt, contacted an employee in a hospice unit and asked for donations for a supposed dying patient, with the promise they would be paid back.</p> <p>“This truly shows there are no lows these actors won’t sink to to try and convince people to give in to their monetary demands,” Cisco added. “This is further illustrated by the successful campaigns we’ve analyzed and the ways these actors typically operate.”</p> <p>Convincing a target to provide a phone number under the auspices of a scam acquisition was another tactic used by one group, more than once.</p> <p>The acquisition lure asked for the victim’s phone number with an email that appeared to be sent and received from the same company, but a closer look shows a slight difference between them.</p> <div id="attachment_167146" style="width: 1034px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-167146" loading="lazy" class="wp-image-167146 size-large" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/22161531/BEC-lure-2-1024x351.png" alt="" width="1024" height="351"><p id="caption-attachment-167146" class="wp-caption-text">Source: Cisco Talos.</p></div> <p>The image has the company name redacted, “however, you can still see the reply-to address in the email ([email protected][.]cc),” Cisco said. The report pointed out that if the recipient did, in fact, work in acquisitions, the risk would be ratcheted up significantly.</p> <p>Cisco Talos first traced these acquisition-themed BEC attacks back to 2019, but added there are only a small number being sent out every several weeks.</p> <p>Another effective tactic that BEC attackers deployed against organizations leveraged support contracts, which usually serve to service purchased items. 
The threat actors would open support tickets or order replacement parts as a way into the target’s system.</p> <p>“We started seeing a series of emails in mid-2020 with similar subject lines, all ending in ‘Logistics Support Request,’ with some acronym or company name at the beginning,” the report said.</p> <div id="attachment_167147" style="width: 743px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-167147" loading="lazy" class="wp-image-167147 size-full" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/22161539/BEC-lure-3.png" alt="" width="733" height="276"><p id="caption-attachment-167147" class="wp-caption-text">Source: Cisco Talos</p></div> <p>Once the targeted employee responded, the attacker asked for payment under the support contract.</p> <p>“In most of the examples we analyzed, the victim realized they were being scammed before they sent any money, but again, this is not always the case,” the report said. “These actors typically just leveraged free email platforms, mostly Gmail accounts, to conduct these campaigns.”</p> <p>Of course, since 2020, there have been all sorts of other BEC campaign themes observed by researchers, including <a href="https://threatpost.com/lewd-phishing-lures-business-explode/166734/" target="_blank" rel="noopener">lures with X-rated material</a> and a recent, and since fixed, <a href="https://threatpost.com/microsoft-teams-tabs-bec/166909/" target="_blank" rel="noopener">Microsoft Teams vulnerability</a> that provided access to employee emails.</p> <h2><strong>BEC Attack Protections </strong></h2> <p>The report acknowledged that most of the attacks observed by researchers at Cisco Talos were in English, but that’s changing too. 
European, Asian and other language regions are starting to make their way into these attacks, and the report reminds companies which do business in multiple languages to flag terms in each of those languages to be filtered.</p> <p>Another important mitigation is to tag emails from outside the organization with a subject line tag, like “[External],” as a signal to users to eye its contents with skepticism, Cisco Talos advised.</p> <p>But it’s the trained, keen eyes of an organization’s employees that are the ultimate line of defense against <a href="https://threatpost.com/email-security-attacks-bec/163869/" target="_blank" rel="noopener">BEC attacks</a>. Beyond training, the Cisco Talos analysts suggested employees who can spot and stop these kinds of attacks should be loudly applauded within the organization.</p> <p>“If you do have a user that stops these types of campaigns, reward them,” the report suggested. “They have saved your company a lot of potential loss, and by reinforcing the behavior, hopefully more employees will be willing to step up and stop these types of attacks from occurring.”</p> </div>
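
The header checks this article describes (an “[External]” subject tag, an insider's name on a free-mail account, a Reply-To that differs slightly from the sender's domain, and lure terms in more than one language), sketched as an added Python example that is not taken from the Cisco Talos report or from Threatpost. The organization domain, protected name, term list and the three sample messages are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Every value below is constructed for this example.
ORG_DOMAIN = "corp.example"               # assumed: the organization's own mail domain
PROTECTED_NAMES = {"dana whitfield"}      # assumed: owner/executive names published on the website
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
# Lure terms are listed for each language the business operates in.
LURE_TERMS = ("gift card", "logistics support request", "carte cadeau", "geschenkkarte")
EXTERNAL_TAG = "[External]"


def domain_of(header):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()


def display_name(header):
    """Display name with case and spacing normalised."""
    return " ".join(parseaddr(header or "")[0].lower().split())


def edit_distance(a, b):
    """Levenshtein distance, used to spot a Reply-To that is one or two characters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def body_text(msg):
    """Concatenate the text/plain parts of a message."""
    chunks = []
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Return (subject to deliver, list of findings) for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    subject = msg["Subject"] or ""
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []

    # Mitigation from the article: tag anything that did not come from our own domain.
    if from_dom != ORG_DOMAIN and not subject.startswith(EXTERNAL_TAG):
        subject = f"{EXTERNAL_TAG} {subject}"

    # Someone important inside the organization, but sent from a free mail service.
    if from_dom in FREE_MAIL and display_name(msg["From"]) in PROTECTED_NAMES:
        findings.append("insider-name-on-free-mail")

    # Replies would go somewhere other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        close = edit_distance(reply_dom, from_dom) <= 2
        findings.append("reply-to-lookalike" if close else "reply-to-mismatch")

    text = f"{msg['Subject'] or ''}\n{body_text(msg)}".lower()
    if any(term in text for term in LURE_TERMS):
        findings.append("lure-term")
    return subject, findings


# Constructed sample messages (not real mail).
GIFT_CARD_LURE = (
    'From: "Dana Whitfield" <dana.whitfield.office@gmail.com>\n'
    "To: accounts@corp.example\n"
    "Subject: Quick favor\n"
    "\n"
    "Are you at your desk? I need a few gift cards for a client today.\n"
)
ACQUISITION_LURE = (
    'From: "M. Ortiz" <m.ortiz@harborline.example>\n'
    "Reply-To: m.ortiz@harbor1ine.example\n"
    "To: legal@corp.example\n"
    "Subject: Confidential acquisition\n"
    "\n"
    "Please share your direct phone number so we can talk.\n"
)
INTERNAL_NOTE = (
    'From: "Dana Whitfield" <dana.whitfield@corp.example>\n'
    "To: staff@corp.example\n"
    "Subject: Lunch menu\n"
    "\n"
    "The cafeteria menu for next week is attached.\n"
)

if __name__ == "__main__":
    for sample in (GIFT_CARD_LURE, ACQUISITION_LURE, INTERNAL_NOTE):
        print(triage(sample))
```

Findings like these are inputs for a reviewer or a quarantine rule, since, as the report notes, legitimate requests of the same shape arrive every day.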

Sofia Kaufman Appointed Chief People Officer of Aura

  • Published date: 2021-06-22 14:20:00

BURLINGTON, Mass., June 22, 2021 /PRNewswire/ -- Aura, a leading provider of digital security solutions for consumers, today announced the appointment of Sofia Kaufman to Chief People Officer. As Aura's Chief People Officer, she will lead the team at Aura res…

"Sofia is committed to her colleagues, centering her recommendations on goals to best support culture, teams and growth," said Hari Ravichandran, founder and CEO, Aura. "Her dedication to building tr…

Email Bug Allows Message Snooping, Credential Theft

  • Tom Spring
  • Published date: 2021-06-22 14:07:00

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

<div class="c-article__content js-reading-content"> <p>Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by over three-quarters of IMAP servers, according to <a href="http://openemailsurvey.org/" target="_blank" rel="noopener">Open Email Survey</a>.</p> <p>The vulnerability opens the door to what is called a meddle-in-the-middle (MITM) attack, according to a report by researchers Fabian Ising and Damian Poddebniak, with Münster University of Applied Sciences, based in Germany.</p> <p>“The vulnerability allows a MITM attacker between a mail client and Dovecot to inject unencrypted commands into the encrypted TLS context, redirecting user credentials and mails to the attacker,” according to research <a href="https://hackerone.com/reports/1204962" target="_blank" rel="noopener">linked to from a bug bounty page</a> and dated August 2020.</p> <p>A patch for the vulnerability, rated by the vendor as -severity and by the third-party security firm <a href="https://www.tenable.com/plugins/nessus/150939" target="_blank" rel="noopener">Tenable as critical</a>, is available <a href="https://ubuntu.com/security/CVE-2021-33515" target="_blank" rel="noopener">for download in the form of Dovecot version v2.3.14.1</a>.</p> <h2><strong>Bypassing TLS and Certificates</strong></h2> <p>The flaw centers around the implementation of the email instruction called START-TLS, a command issued between an email program and server that’s designed to secure the delivery of 
email messages, according to a <a href="https://www.anubisnetworks.com/blog/ssl_and_tls_explained_in_5_minutes" target="_blank" rel="noopener">technical description by Anubisnetworks</a>.</p> <p>“We found that Dovecot is affected by a command injection issue in START-TLS. This bug allows [an attacker] to bypass security features of SMTP such as the blocking of plaintext logins. Furthermore, it allows [an attacker] to mount a session fixation attack, which possibly results in stealing of credentials such as the SMTP username and password,” researchers wrote.</p> <p>A session fixation attack allows an adversary to hijack a client-server connection after the user logs in, according <a href="https://owasp.org/www-community/attacks/Session_fixation" target="_blank" rel="noopener">to an OWASP description</a>.</p> <p>“In order to conduct the attack, an attacker first creates a legit account on a Dovecot server. They now wait for and [intercept] an encrypted connection on port 465 from a victim’s email client,” researchers wrote. “As soon as the client connects, the attacker initiates a separate START-TLS connection to Dovecot and injects their own malicious prefix, e.g. a login command.”</p> <p>Researchers say that, due to the implementation flaw with START-TLS in Dovecot, the attacker can log in to the session and forward the full TLS traffic from the targeted victim’s SMTP server as part of its own session.</p> <p>“The attacker obtains the full credentials from its own inbox. At no point was TLS broken or certificates compromised,” the researchers wrote. The pair also outlined the bug in a proof-of-concept attack.</p> <h2><strong>Patches Available</strong></h2> <p>A fix for the vulnerability, <a href="https://ubuntu.com/security/CVE-2021-33515" target="_blank" rel="noopener">tracked as CVE-2021-33515</a>, is available for Dovecot running on Ubuntu, the Linux distribution based on Debian. 
Dovecot version v2.3.14.1 and later mitigates the issue.</p> <p>Workaround fixes have been available for the flaw and are outlined by Ising and Poddebniak. One of them includes disabling START-TLS and configuring Dovecot to only accept “pure TLS connections” on port 993/465/995.</p> <p>“Note that it is not sufficient to reconfigure a mail client to not use START-TLS. The attack must be mitigated on the server, as any TLS connection is equally affected,” the researchers wrote.</p> </div>
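
What “unencrypted commands injected into the encrypted TLS context” means for a line-based mail server, and why the fix belongs on the server, shown as an added Python model. It is a simplified illustration of the bug class the researchers name, not Dovecot's code; the class, its methods and the sample bytes are constructed.

```python
class LineServer:
    """Toy line-oriented mail front end that supports an in-band TLS upgrade.

    flush_on_starttls=False models the flawed behaviour: bytes that arrived in
    plaintext behind the STARTTLS line stay in the receive buffer and are parsed
    after the handshake as if they had come through TLS.
    flush_on_starttls=True models the server-side fix: drop everything that was
    buffered before the handshake.
    """

    def __init__(self, flush_on_starttls):
        self.flush_on_starttls = flush_on_starttls
        self.buffer = b""          # received but not yet parsed
        self.tls_active = False
        self.executed = []         # (command, channel the server believes it used)
        self.discarded = b""       # what the hardened server threw away (worth logging)

    def receive_plaintext(self, data):
        """Bytes read from the socket before any TLS handshake."""
        if self.tls_active:
            raise RuntimeError("plaintext after the upgrade must go through TLS")
        self.buffer += data
        self._drain()

    def receive_tls(self, data):
        """Application data handed up by the TLS layer after the handshake."""
        if not self.tls_active:
            raise RuntimeError("no TLS session yet")
        self.buffer += data
        self._drain()

    def _drain(self):
        while b"\r\n" in self.buffer:
            line, _, self.buffer = self.buffer.partition(b"\r\n")
            command = line.decode("ascii", "replace")
            self.executed.append((command, "tls" if self.tls_active else "plain"))
            if command.upper() == "STARTTLS" and not self.tls_active:
                if self.flush_on_starttls:
                    self.discarded, self.buffer = self.buffer, b""
                self.tls_active = True
                return  # nothing more is parsed until the handshake has finished


# Constructed traffic: one TCP segment carries STARTTLS plus an extra line that
# someone on the path appended in cleartext, then the real client speaks over TLS.
ON_WIRE_BEFORE_HANDSHAKE = (
    b"EHLO client.example\r\nSTARTTLS\r\nNOOP injected-before-handshake\r\n"
)
INSIDE_TLS = b"EHLO client.example\r\n"


def replay(flush_on_starttls):
    """Feed the constructed traffic to a server and return it for inspection."""
    server = LineServer(flush_on_starttls)
    server.receive_plaintext(ON_WIRE_BEFORE_HANDSHAKE)
    server.receive_tls(INSIDE_TLS)
    return server


def tls_commands(server):
    """Commands the server attributed to the encrypted channel."""
    return [cmd for cmd, channel in server.executed if channel == "tls"]


if __name__ == "__main__":
    for flush in (False, True):
        s = replay(flush)
        print("flush" if flush else "no flush", tls_commands(s), s.discarded)
```

A client cannot repair the first case, because the extra line never passes through it; the server has to discard the buffer at the upgrade, which matches the researchers' point that the issue must be mitigated on the server.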

IoT Tech Maturity Presents Attractive Opportunity for On-Device Security Solutions

  • Published date: 2021-06-22 12:53:00

Oyster Bay, New York - 22 Jun 2021. Creating secure IoT devices can be difficult due to the breadth and variety of form factors available on the market, which makes for a fragmented ecosystem where security standardization is difficult. Today, security solutio…


Sovereign fund PIF considers Saudi Telecom stake sale, sources say - Reuters

  • Hadeel Sayegh,Marwa Rashad
  • Published date: 2021-06-22 12:44:00

Saudi Arabia's Public Investment Fund (PIF) is considering divesting part of its stake in Saudi Telecom (7010.SE), sources close to the matter told Reuters, as the sovereign wealth fund seeks to monetise some of its assets.

DUBAI, June 22 (Reuters) - Saudi Arabia's Public Investment Fund (PIF) is considering divesting part of its stake in Saudi Telecom (7010.SE), sources close to the matter told Reuters, as the sovereig…

Kids’ Apps on Google Play Rife with Privacy Violations

  • Tara Seals
  • Published date: 2021-06-22 12:24:00

One in five of the most-popular apps for kids under 13 on Google Play don’t comply with COPPA regulations on how children’s information is collected and used.

<div class="c-article__content js-reading-content"> <p>About 20 percent of the Top 500 kids’ mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children’s Online Privacy Protection Act (COPPA). These have been downloaded by a collective 492 million users, researchers said.</p> <p>That’s according to an analysis from Comparitech, which reviewed each app’s privacy policy to see whether or not it met the key areas of COPPA regulations.</p> <p>COPPA, imposed by the Federal Trade Commission (FTC), applies to online services, apps and websites that target children under 13, and it requires child-directed websites, apps and online services to provide notice of their data-collection practices and obtain parental consent prior to collecting personal information from children under 13. 
That includes the use of persistent identifiers for targeted advertising.</p> <h2><strong>COPPA Requirements for Kids’ Privacy</strong></h2> <p>The main requirements, according to Comparitech’s analysis, are:</p> <ul> <li>A clear and comprehensive online privacy policy which details their practices for collecting PI from children under 13;</li> <li>Reasonable efforts to provide direct notice to parents of their practices regarding the collection, use or disclosure of PI from children;</li> <li>Reasonable means for a parent to review the PI collected;</li> <li>Reasonable procedures to protect the confidentiality, security and integrity of the PI collected from children;</li> <li>Clear data-retention policy for children’s PI, keeping it for only as long as is necessary to fulfill the purpose for which it was collected; and</li> <li>Listing of the name, address and email address of all third parties (such as ad networks) collecting or maintaining PI from the app.</li> </ul> <h2><strong>Top 500 Kids’ App Violations</strong></h2> <p>The potential COPPA violations that the firm found when examining the apps varied, but the majority of them stem from apps collecting personal data without including a child-specific section in the privacy policy. This suggests “that children’s data is collected and used the same as adult data,” according to Comparitech’s <a href="https://www.comparitech.com/blog/vpn-privacy/app-coppa-study/" target="_blank" rel="noopener">Tuesday analysis</a>. Researchers added, “A separate section on how the developers ensure children’s safety should be included. 
If the app didn’t collect any data whatsoever, this wouldn’t be necessary.”</p> <div id="attachment_167109" style="width: 1034px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-167109" loading="lazy" class="wp-image-167109 size-large" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/22113154/COPPA-1024x576.png" alt="" width="1024" height="576"><p id="caption-attachment-167109" class="wp-caption-text">Analysis from privacy policies. Source: Comparitech</p></div> <p>Meanwhile, about 9 percent of the apps don’t collect data themselves but work with third-party advertisers and analytics companies that potentially do, researchers said.</p> <p>“For example, one app suggests geographic location may be used through Google Analytics, and other third-party ad networks may collect various pieces of data, including geographic location and device ID,” according to the firm. “In this case, a child-specific section and parental consent are necessary, as is in-depth detail about each third party. It is also likely that many of the 50 percent of app developers that collect PI themselves also work with third parties that collect PI, too.”</p> <p>Also problematic: More than 5 percent of the apps investigated claim they aren’t targeted toward children (and are therefore exempt from COPPA), despite many of them including the terms “kids” and “toddler” in their name, Comparitech found. All of these are listed under the “Everyone” age category on Google Play, and 10 of them are even listed as “teacher-approved.”</p> <p>In fact, fully half of the apps that potentially violate COPPA are “teacher-approved,” the analysis revealed.</p> <p>“Google’s Teacher Approved program requires apps to go through an additional layer of review (the first is for the submission into family/children categories),” researchers explained. 
“In this review, teachers and specialists evaluate the apps based on multiple criteria, including design quality, appeal to children, and age appropriateness (including in-app adverts, purchases, and cross-promotions).”</p> <p>The firm also found that another 9 percent of apps recommend that children avoid giving their PI to the app or that parents monitor the app’s usage. However, not providing a proactive way to obtain consent could be a COPPA violation.</p> <p>“Apps should request parental consent from the onset if they’re to collect PI (they shouldn’t expect parents to look into this themselves, and they certainly shouldn’t expect children to read privacy policies before submitting data),” according to Comparitech.</p> <p>And finally, another 6 percent of apps fail in partial ways: They don’t explain how a parent can consent or how they can access their child’s data, for instance, or the privacy policy lacks clarity.</p> <p>“For example, one app discusses child safety for those aged 6 and under but doesn’t address children aged 7 to 13,” the firm explained.</p> <h2>COPPA Fines and Lawsuits</h2> <p>The FTC has not been shy about doling out fines and lawsuits for violating COPPA. 
In June 2020, for instance, children’s app developer HyperBeard <a href="https://threatpost.com/ftc-childrens-app-developer-coppa-violations/156355/" target="_blank" rel="noopener">was slapped with</a> a $150,000 fine after being accused of illegally collecting children’s data without parental consent.</p> <p>TikTok was also hit with an <a href="https://threatpost.com/tiktok-violated-childrens-privacy-law-ftc-complaint-says/155755/" target="_blank" rel="noopener">FTC complaint</a> in May of that year, which alleged that the platform continued to fail to adequately protect children’s privacy, despite paying a $5.7 million fine the year before relating to an earlier version of its app, called Musical.ly.</p> <p>Meanwhile, in February of this year, a district judge <a href="https://today.westlaw.com/Document/I18e16a30666811eba5acc9672eef21f4/View/FullText.html?transitionType=Default&amp;contextData=(sc.Default)&amp;VR=3.0&amp;RS=cblt1.0&amp;firstPage=true" target="_blank" rel="noopener">ruled that a suit could proceed</a> against Google and an app developer called Tiny Lab. The latter creates mobile game apps including Fun Kid Racing, Candy Land Racing, Baby Toilet Race: Cleanup Fun, and GummyBear and Friends Speed Racing.</p> <p>Google faces claims that apps it hosts in the “Designed for Families” section of Google Play, with the specific example of TinyLab, know that they’re targeting and collecting children’s data, and are responsible for being COPPA-compliant when it comes to the behavior of any related ad networks.</p> <p>“AdMob, Twitter/MoPub, InMobi/AerServ, Applovin and ironSource…sold their proprietary software development kits (SDKs) to Tiny Lab for installation and use in its gaming apps,” reads the complaint. “When a Tiny Lab app is downloaded onto a child’s device … the ad networks’ SDKs are also installed as app components. 
Once so embedded, while a child…plays one of the apps, the ad networks’ SDK collects personal information about that child and tracks the child’s online behavior to profile the child for targeted advertising. This activity is invisible to the child and her parents.”</p> </div>

Sovereign fund PIF considers Saudi Telecom stake sale, sources say - Reuters

  • Hadeel Al Sayegh, Marwa Rashad
  • Published date: 2021-06-22 12:15:00

Saudi Arabia's Public Investment Fund (PIF) is considering divesting part of its stake in Saudi Telecom, sources close to the matter told Reuters, as the sovereign wealth fund seeks to monetise some of its assets.

(Removes extraneous text before first paragraph) DUBAI, June 22 (Reuters) - Saudi Arabia's Public Investment Fund (PIF) is considering divesting part of its stake in Saudi Telecom, sources close to t… [+1886 chars]

Behind the scenes with the head of Kaspersky’s GReAT

  • GIXnews
  • Published date: 2021-06-22 11:24:00

How did you start your career in cybersecurity? I probably got into cybersecurity by accident. It was the early 90s, when my high school’s network was infected by a computer virus, a very nasty one called BadSectors. Unfortunately, none of the antivirus produ…

Costin Raiu has been with Kaspersky since 2000, initially as the Chief Security Expert overseeing research efforts in the EEMEA region. In 2010, he became Director of our Global Research and Analysis… [+6812 chars]

Behind the scenes with the head of Kaspersky’s GReAT

  • None
  • Published date: 2021-06-22 09:53:00

How did you start your career in cybersecurity? I probably got into cybersecurity by accident. It was the early 90s, when my high school’s network was infected by a computer virus, a very nasty one called BadSectors. Unfortunately, none of the antivirus produ…

Costin Raiu has been with Kaspersky since 2000, initially as the Chief Security Expert overseeing research efforts in the EEMEA region. In 2010, he became Director of our Global Research and Analysis… [+6900 chars]

Arizona GOP official blasts company carrying out election recount: 'Insane just from a competence standpoint'

Maricopa County Recorder Stephen Richer said that the Cyber Ninjas' work was so poor that it would only ever convince conspiracy theorists.

The ongoing ballot audit in Arizona run by Cyber Ninjas is "insane just from a competence standpoint," according to a local GOP elections official. Stephen Richer, the Maricopa County Recorder, blas… [+2225 chars]

Innova and RISE drive node development in Sweden

  • Gerard O'Dwyer
  • Published date: 2021-06-22 08:42:00

Swedish cyber security project, National Node, opens its doors to the country’s security firms

Sweden’s national node project has reached a new development milestone by opening its door to the country’s top cyber security firms. Backed by leading state-run technology funding agencies Research I… [+7312 chars]

Six Flags to Pay $36M Over Collection of Fingerprints

  • Elizabeth Montalbano
  • Published date: 2021-06-22 07:14:00

Illinois Supreme Court rules in favor of class action against company’s practice of scanning people’s fingers when they enter amusement parks.

<div class="c-article__content js-reading-content"> <p><img loading="lazy" class="alignright wp-image-139149 size-thumbnail" src="https://media.threatpost.com/wp-content/uploads/sites/103/2018/11/16105242/fingerprint_digital-150x150.jpg" alt="biometric fingerprint" width="150" height="150"></p> <p>Theme park operator Six Flags has agreed to pay $36 million to settle a class-action lawsuit over its acquisition of the fingerprint data of visitors to its theme parks.</p> <p>The Illinois Supreme Court ruled in the case <a href="https://epic.org/amicus/bipa/rosenbach/" target="_blank" rel="noopener">Rosenbach v. Six Flags</a> that collecting biometric data at premises’ gates by scanning fingerprints of people who enter the company’s theme park violates Illinois <a href="https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&amp;ChapterID=57" target="_blank" rel="noopener">Biometric Information Privacy Act</a> (BIPA).</p> <p>Passed in 2008, the BIPA regulates how companies collect and use someone’s biometric data, such as a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. The law mandates that a company must obtain a person’s written consent before acquiring and storing this type of data.</p> <p>The case involved a mother, Stacy Rosenbach, who in 2016 sued Six Flags Entertainment Corp. 
after the Gurnee, Illinois, branch of the theme park scanned the fingerprint of her 14-year-old son Alex without obtaining written consent and without properly disclosing the company’s business practices as to how they would use the data.</p> <p>After passing through lower courts, the case made it to the Illinois Supreme Court, where Six Flags filed a motion to dismiss the case, claiming that Rosenbach was not an “aggrieved party” according to the BIPA because she had not proven an actual injury under the law.</p> <p>However, the court denied the motion, ruling that someone “need not allege some actual injury or adverse effect, beyond violation of his or her rights” to qualify as an “aggrieved” person under the law, according to its decision.</p> <p>Mediation between the parties occurred, after which they agreed to a settlement that entitles anyone who first had their finger scanned by Six Flags Great America when entering the  park between October 1, 2013, and April 30, 2016, to receive up to $200. 
People who first had their finger scanned when entering the park between May 1, 2016, and December 31, 2018, could receive up to $60.</p> <h2><strong>Win for Privacy Advocates</strong></h2> <p>The case is not the first time the BIPA has been cited by a lawsuit aiming to limit a company’s collection of biometric data, which in and of itself has been a hotbed of controversy for its privacy implications.</p> <p>In a high-profile case still being heard, the American Civil Liberties Union (ACLU) <a href="https://threatpost.com/aclu-sues-clearview-ai-over-faceprint-collection-sale/156117/" target="_blank" rel="noopener">sued New York-based startup Clearview AI</a> on behalf of a number of organizations comprised of vulnerable communities for amassing a database of biometric face-identification data of billions of people and selling it to third parties without their consent or knowledge.</p> <p>Previously, Vimeo, the popular ad-free video platform, also was <a href="https://threatpost.com/vimeo-slapped-with-lawsuit-over-biometrics-privacy-policy/148695/" target="_blank" rel="noopener">slapped with a lawsuit</a> for allegedly storing people’s facial biometrics without their consent or knowledge.</p> <p>The court’s decision in the Rosenbach case now sets a precedent for how the BIPA can be used legally in the future, clearly setting limits on companies’ collection of biometric data and seeming to side in favor of private citizens’ rights.</p> <p>Indeed, one privacy organization backed Rosenbach’s case against Six Flags with a legal brief called an amicus to lend support for its position against the collection of biometric data by amusement parks.</p> <p>The Electronic Privacy Information Center (EPIC) first identified the risk of this practice in a document published in 2018, Theme Parks and Your Privacy, which “noted that it is disproportionate and unnecessary for theme parks to collect biometric identifiers from attendees,” according <a 
href="https://epic.org/amicus/bipa/rosenbach/EPIC_Amicus_Rosenbach.pdf" target="_blank" rel="noopener">to the brief</a>.</p> <p>The filing went on to cite numerous security risks that people face the moment they give up biometric-identity data as reasons the court needs to hold companies accountable for breaking laws like the BIPA intended to limit the collection of this data.</p> <p>“A private entity that chooses to collect biometric information in violation of BIPA should not be allowed to ignore its legal obligations,” EPIC wrote in the brief.</p> </div>

Making our computers more secure

  • None
  • Published date: 2021-06-22 04:00:00

Columbia Engineering researchers who are leading experts in computer security recently presented two major papers on memory safety that make computer systems more secure at the International Symposium on Computer Architecture. This new research, which has zer…

New York, NY--June 22, 2021--Because corporations and governments rely on computers and the internet to r… [+8677 chars]

Finding Trusted Suppliers and Sourcing Products Efficiently: New Innovations for Security Leaders

  • None
  • Published date: 2021-06-22 00:00:00

None

<div class="body gsd-paywall article-body"><h3><strong>Digital disruption – and opportunity</strong></h3><p>We’ve seen the rapid expansion of digital technology continue to disrupt every aspect of how businesses operate. From billing and payment systems to information management and storage, to nurturing customer relationships, to interacting and communicating, digital technology is reshaping how business gets done. The pandemic further accelerated the changing security landscape. With a dramatic increase in the percent of people working from home, organizations raced to find solutions to protect company networks being accessed through personal devices and through potentially unsecure Wi-Fi networks, while also keeping physical facilities secure with much reduced security staff.  With disrupted supply chains and reduction in in-person business interactions, organizations that needed security products to run their facilities had to turn to digital channels for sourcing and procurement.</p> <p>In fact, now, 93 percent of all U.S. 
companies are already doing some portion of their B2B business online.</p><p>However, when it comes to digital sourcing, professional buyers acknowledge there are challenges – especially when borders are crossed. Ensuring quality, and giving buyers access to more choices from different suppliers to find products at a price that works for them and their needs, meet their strict requirements, and managing smooth and fast delivery rank among the most important hurdles for buyers.</p><p> </p><h3><strong>The dramatic impact of COVID-19</strong></h3><p>The COVID-19 pandemic dramatically accelerated “going digital” as many aspects of the industry have had to make adjustments, essentially overnight, to keep their organizations running and avoid any slowdowns and interruptions.</p> <p>For example, amid the pandemic, B2B sourcing and selling via an online ecommerce marketplace grew by 14 percentage points -- from 21% to 35% -- between December 2019 and September 2020 (Source: Alibaba.com US B2B Small and Medium Business Survey, September 2020).</p><p>Businesses have now been exposed to the upsides of embracing ecommerce, and are in search of ways to successfully adopt these new technologies to gain more efficiencies, and achieve new levels of growth.</p><p> </p><h3><strong>Alibaba.com is leading the way</strong></h3><p>As one of the world’s largest B2B and wholesale online marketplaces, Alibaba.com serves millions of business buyers and suppliers of all sizes across more than 200 countries, offering a suite of powerful tools built specifically for B2B trade. 
Business buyers can discover new products and place orders on the Alibaba.com platform fast, securely, and efficiently and sellers can reach a global audience for their products.</p> <p>With Alibaba.com, companies can:</p><ul> <li> <strong>Expand their international footprint</strong>. The inherently global nature of the Alibaba.com supplier base allows buyers to grow their reach digitally without the need to travel. Time zones become unimportant, allowing business discovery and communication 24/7.</li> <li> <strong>Optimize shipping efficiencies</strong>. Buyers can take advantage of transparent, reliable, and cost-effective logistics services, simplifying the entire process. Intelligent route algorithms and multiple freight forwarders and carriers are available to ensure end-to-end transparency and real-time tracking.</li> <li> <strong>Source securely from around the world</strong>. Alibaba.com supports over ten major global payment methods and 50+ currencies worldwide. To reduce the risk, buyers who purchase on the Alibaba.com platform can use the free proprietary order protection escrow service, Trade Assurance. Through Alibaba.com Trade Assurance, if anything goes wrong with issues of quality or shipping delays, Alibaba.com will assist in reaching a satisfactory outcome, including getting your money back.</li> </ul><p>To make it even easier, Alibaba.com recently introduced an <a href="https://sale.alibaba.com/p/d9lkvod8f?wx_screen_direc=portrait&amp;wx_navbar_transparent=true&amp;path=/p/d9lkvod8f&amp;ncms_spm=a27aq.23448356&amp;prefetchKey=met&amp;tracelog=c+mb+trademedia" target="_blank"><strong>Elite Partner Event</strong></a> that is accessible year-round. 
This vetted group of global suppliers represents innovative, new technologies and products in a variety of categories to help enhance your competitive edge.</p><p>One of these verified partners in the Security and Protection industry is <a href="https://telepower.en.alibaba.com/productlist.html?spm=a2700.shop_index.88.29&amp;tracelog=Ctrademedia" target="_blank">Telepower Communication</a>, (Telpo for short), the world’s leading smart terminal and solution provider. Founded in 1999, Telpo has established locations in Hong Kong, Nigeria, Sri Lanka, India, and 28 other international service centers. Their products have served more than 120 countries and provide services to over 5,000 customers.</p><p>A critical component of Telpo’s strength as a premiere supplier is their superior research and development capabilities and 22 years of industry experience. With over 200 engineers, more than 300 technology patents, and 400 product certificates under their belt, Telpo can deliver highly customized services to businesses across a wide range of industries from telecommunications, to financial institutions, to internet companies, and global restaurant chains, to name a few.</p><p>An equally important benefit is Telpo’s ability to quickly respond to changing market dynamics. For example, in the midst of a global health crisis, Telpo developed a series of anti-epidemic solutions certified by their CNAS laboratory including thermometry, health code verification, and digital vaccine passport authentication to help countries around the world improve detection speed and better control the epidemic in their region.  </p><p> </p><h3><strong>Alibaba.com Online Trade Show | Summer: Premium suppliers. Efficient sourcing.</strong></h3><p>Exceptional companies like Telpo are exactly the kind of premium suppliers on Alibaba.com that business buyers from around the world seek. 
While in-person global trade shows are still on hold, Alibaba.com has been hosting a series of online trade shows that have resulted in tens of thousands of new connections with suppliers like Telpo.</p><p>In fact, right now, Alibaba.com is hosting <a href="https://sale.alibaba.com/p/dozj3kwn8/index.html?wx_screen_direc=portrait&amp;wx_navbar_transparent=true&amp;path=/p/dozj3kwn8/index.html&amp;ncms_spm=a27aq.23403871&amp;prefetchKey=exhibition&amp;tracelog=c+mb+trademedia" target="_blank">Alibaba.com Online Trade Show | Summer</a> from June 14 through June 27.  The all-digital experience will feature more than 10,000 premium suppliers across a spectrum of 30+ categories on the Alibaba.com website.</p><p>“The Alibaba.com Summer Online Trade Show is a two-week event on the Alibaba.com website, where business buyers and sellers from around the globe can connect and collaborate with premium suppliers online, so that they can source more efficiently, effectively, and with ease, from the safety and convenience of their homes and offices,” said John Caplan, President of North America and Europe, Alibaba.com.</p><p>There are a host of benefits the online trade show experience includes.</p><ul> <li> <strong>Premium connections with trusted suppliers</strong>. Buyers can easily reach out to selected suppliers with outstanding products and services, from R&amp;D and tailor-made design to customer service and order fulfillment. To help buyers source efficiently and screen for quality, the “Verified” logo will appear alongside manufacturers that have been verified by independent third parties for industry-specific qualifications and services. When searching for product details or through company profiles, buyers can see these suppliers’ strengths like corporate qualification, product qualification, and corporate capabilities.</li> <li> <strong>Exclusive VIP Pavilion access*</strong>. 
Where the top one percent of Alibaba.com buyers can meet and negotiate directly with managers rated four stars and above from more than 1,000 suppliers.</li> <li> <strong>Cutting-edge industry insights</strong>. Businesses will be able to hear from Alibaba.com leaders like John Caplan, President, North America &amp; Europe, and Flora Yan, Head of Integrated Marketing as well as Dirk Kowslowski, Director of IFA, Kai Hattendorf, CEO of Ufi and learn from successful buyers and sellers on Alibaba.com. In-depth industrial reports filled with data and trends from Alibaba.com will also be available.</li> <li> <strong>Pro Buyer Discounts*</strong>. Businesses who have upgraded to <a href="https://sale.alibaba.com/p/ds76k0r7i/index.html?spm=a2700.7756200.0.0.50641afabWsErJ&amp;tracelog=c+mb+trademedia" target="_blank">Pro Buyers</a> on or before June 27 can receive a US $100 coupon to use on Alibaba.com.</li> </ul><p>Note: * Available only to qualified Pro Buyers</p><p> </p><h3><strong>Learn more</strong></h3><p>Businesses can learn a whole lot more by visiting the <a href="https://sale.alibaba.com/p/dozj3kwn8/index.html?wx_screen_direc=portrait&amp;wx_navbar_transparent=true&amp;path=/p/dozj3kwn8/index.html&amp;ncms_spm=a27aq.23403871&amp;prefetchKey=exhibition&amp;tracelog=c+mb+trademedia" target="_blank">Alibaba.com Online Trade Show | Summer</a>, from June 14 through June 27.   Premium suppliers and efficient sourcing are just a click away.</p></div>

Survey finds utilities industry has the highest Window of Exposure

  • None
  • Published date: 2021-06-22 00:00:00

None

<div class="body gsd-paywall article-body"><p>WhiteHat Security published their latest installment of the <a href="https://www.whitehatsec.com/appsec-stats-flash/">AppSec Stats Flash</a> report and podcast, surveying the current state of the application security and wider threat landscape. Key findings from the report include the average time (rolling 12 months) to fix critical vulnerabilities has increased from 197 days in April 2021 to 205 days in May 2021, and in the case of the recent security events, undetected and unresolved cyberattacks can lead to devastating ransomware threats, supply chain risks, and application vulnerabilities.</p><p>Key takeaways from the report include:</p> <ul> <li>Utilities sector applications continue to have highest Window of Exposure (WoE).</li> <li>Time to Fix has also seen a significant up-tick pointing to a growing need to implement targeted campaigns to address the most commonly found vulnerabilities. The most commonly found vulnerabilities list remains constant.</li> <li>OWASP Top 10's A1 - Injection are Implementation Vulnerabilities, often requiring software engineering effort to fix. 
Within A1, SQL Injection is the pre-dominant vulnerability that plagues applications.</li> </ul><p>Additional details on this month’s statistical data and findings include:</p><ul> <li> <strong>Window of Exposure – </strong><em>Key metric that allows organizations to benchmark against their respective industry peers and is an indicative sign of breach exposure.</em> <ul style="list-style-type:circle;"> <li>WoE for Utilities Sector remained constant from last month with 67% of all applications in the Utility sector having at least one exploitable vulnerability open throughout the year.</li> <li>WoE for the Finance and Insurance industries exhibits a starkly opposite trend - for almost 30% of the applications in these industries, all serious exploitable vulnerabilities are fixed in under 30 days of being detected.</li> </ul> </li> </ul><p style="margin-left:1.0in;"> </p><ul> <li> <strong>Vulnerability Likelihood By Class</strong> <ul style="list-style-type:circle;"> <li>The top-5 vulnerability classes identified in the last 3-mo rolling window remain constant: Information Leakage, Insufficient Session Expiration, Cross Site Scripting, Insufficient Transport Layer Protection &amp; Content Spoofing.</li> </ul> </li> </ul><p> </p><ul> <li> <strong>Examining WhiteHat reported vulnerability likelihood vis-a-vis </strong><a href="https://owasp.org/www-project-top-ten/"><strong>OWASP Top 10</strong></a><strong> – </strong><em>The OWASP Top Ten represents a broad consensus about the most critical security risks to web applications</em> <ul style="list-style-type:circle;"> <li>Approximately 2% of all vulnerabilities are Injection (A-1) related vulnerabilities. 
Injection vulnerabilities arise because of implementation errors and require an implementation change to fix, except when the Injection vulnerability is inherited from a third-party component (COTS or OSS).</li> <li>SQL Injection is the predominant Injection vulnerability, accounting for more than 50% of all Injection vulnerabilities.</li> </ul> </li> </ul><p style="margin-left:1.0in;"> </p><ul> <li> <strong>Time to Fix - </strong><em>Focus on reducing average time to fix critical and high severity vulnerabilities is critical to improving the window of exposure and consequently the overall security posture of applications</em> <ul style="list-style-type:circle;"> <li>Average time to fix critical vulnerabilities is 205 days, a new high for the year.</li> <li>The average time (rolling 12 months) to fix critical vulnerabilities has increased from 197 days in April 2021 to 205 days in May 2021. </li> </ul> </li> </ul><p>For the full report, please visit <a href="https://www.whitehatsec.com/appsec-stats-flash/">https://www.whitehatsec.com/appsec-stats-flash/</a></p></div>

Prakash Sethuraman takes CISO role at CloudBees

  • None
  • Published date: 2021-06-22 00:00:00


<div class="body gsd-paywall article-body"><p>CloudBees, an enterprise software delivery company, named Prakash Sethuraman as Chief Information Security Officer (CISO).</p><p>Sethuraman was previously global head of cloud security at HSBC. During his tenure at HSBC, he led digital strategy and architecture, helped the organization drive public cloud and container adoption and led the creation of a global Open Banking platform that is used across 19 countries. In his most recent role at HSBC, Sethuraman led a dedicated cybersecurity team focused on cloud and container security and helped institute new security processes to protect the U.K.-based bank as it accelerated its journey toward cloud and container ecosystems operating at scale.</p> <p>As CISO, Sethuraman will lead the security strategy for CloudBees and the company’s product line. Sethuraman brings extensive experience gained through his career leading digital and security initiatives for organizations in highly regulated industries that depend on mission-critical applications.</p><p>Prior to working at HSBC, Sethuraman held various technology leadership roles. He founded and is currently chairman of Enterprise Blueprints, a management consultancy focused on technology strategy and architecture. Through Enterprise Blueprints, Sethuraman led significant technology transformation initiatives for leading financial services institutions in the U.K. He was also chief architect for financial services at Wipro, a CloudBees partner.</p><p>Congratulations!</p> </div>

UCLA implements critical event management platform for emergency response

  • None
  • Published date: 2021-06-22 00:00:00


<div class="body gsd-paywall article-body"><p>University of California, Los Angeles (UCLA) is a public land-grant research university in Los Angeles, California. UCLA traces its early origins back to 1882 as the southern branch of the California State Normal School. Today, the prestigious university teaches 46,000 students and employs almost 7,800 faculty.</p><p>Campuses nationwide are unfortunately seeing an influx of violence. According to the Violent Victimization of College Students report, students report about 526,000 violent crimes each year, 128,000 of which “involved a weapon or serious injury to the victim.” Further complicating the issue is the fact that UCLA’s campus has thousands of people – including parents, campus visitors and sports fans – on the grounds at any given time, which can make it difficult to communicate effectively.</p> <p>UCLA decided to implement a Critical Event Management platform from Everbridge to overcome these obstacles and help keep students, staff and faculty safe and informed during crisis situations. Everbridge’s Critical Event Management platform enables campus officials to keep the campus community informed and able to react quickly to a dynamic situation such as a school lockdown, criminal threat or severe weather.</p><p>“Everbridge makes sending alerts to individuals faster and more efficient while simultaneously activating on premise alerting hardware with the same message,” <a href="https://www.everbridge.com/newsroom/article/ucla-selects-everbridges-critical-event-management-platform-keep-students-staff-faculty-safe-informed-crises/" target="_blank">said</a> Art Kirkland, Director, Office of Emergency Management, UCLA. </p> </div>

Are you reporting to the CEO? Most security leaders don't

  • None
  • Published date: 2021-06-22 00:00:00


<div class="body gsd-paywall article-body"><p align="left">A new report from LogRhythm, “<a href="https://gallery.logrhythm.com/analyst-reviews-and-reports/na-report-ponemon-security-and-csuite.pdf" target="_blank">Security and the C-Suite: Making Security Priorities Business Priorities</a>,” based on research conducted by the Ponemon Institute, found that, while most organizations (60%) have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO. Yet, 42% of respondents say the IT security leader should be the person most accountable for preventing or mitigating the consequences of a cyberattack.</p><p align="left">Ponemon conducted a global survey of 1,426 chief information, technology and security executives. LogRhythm sought to learn about the role and responsibilities of today’s cybersecurity leaders and the challenges they face in creating a strong security posture. Respondents were located in the United States, EMEA and Asia-Pacific.</p> <h4 align="left"><strong>Security Leaders Shoulder More Responsibility and Risk</strong></h4><p align="left">Cybersecurity leaders shared that they have assumed more accountability and risk, but struggle to achieve the desired security posture because they are not seen as influential or valued members of their peer group, according to the research. Sixty percent of respondents say the cybersecurity leader should report directly to the CEO because it would create greater awareness of security issues throughout the organization. 
However, because the majority of security leaders are three steps away from the CEO, only 37% of respondents say their organization values and effectively leverages the expertise of the cybersecurity leader.</p><p align="left">“While security leaders are assuming more responsibility than ever before, they lack the necessary organizational visibility and influence to effectively build and mature their security programs,” said James Carder, chief security officer of LogRhythm. “Comprehensive cybersecurity programs are integral to the success of an organization. This research should spur CEOs to take accountability for safeguarding their organization’s sensitive information, prioritize the security program by elevating the security leader and ensure inroads between security decision-makers, the C-suite and the board.”</p><h4 align="left"><strong>New Security Pitfalls Stem from the COVID-19 Pandemic</strong></h4><p align="left">The significant increase in employees working remotely due to COVID-19 has created the biggest security challenge for IT security leaders, according to the research. These challenges are here to stay as enterprises adopt a hybrid work strategy to accommodate a distributed workforce, creating increased risk to sensitive and confidential information. 
Below are noteworthy findings about survey respondents’ newfound security issues resulting from remote work practices.</p> <ul style="list-style-type:circle;"> <li align="left">73% of respondents say less secure home networks are used by employees in their organization.</li> <li align="left">68% of respondents say employees and contractors believe the organization is not monitoring their activities.</li> <li align="left">67% say a family member uses a work device.</li> </ul><p align="left">Amid these challenges, 54% of respondents are worried about their job security, with 63% citing insufficient budget to invest in the right technologies as a main culprit. Further, more than half (53%) of respondents claim senior leadership does not understand their role, and another 51% of respondents believe that they lack executive support.</p> </div>

How communities can use technology to address gun violence

  • Danielle Myers
  • Published date: 2021-06-22 00:00:00


<div class="body gsd-paywall article-body"><p>Over the past year, the United States has battled two major crises: COVID-19 and gun violence. 2020 was one of the <a href="https://everytownresearch.org/report/gun-violence-and-covid-19-in-2020-a-year-of-colliding-crises/">deadliest years</a> on record with more than <a href="https://www.nytimes.com/article/mass-shootings-2021.html">800 mass shootings</a> in stores, restaurants, schools, and other places, making businesses and consumers ask themselves “How can we feel safe anymore?” Unfortunately, businesses are now anticipating “when” an incident may occur instead of “if” it will occur. Many are looking for ways to increase security measures amid the nationwide gun violence crisis. Everyone plays a role in the safety and security of a community.</p><p> </p><p><strong>First steps to enhance community safety and security measures</strong></p> <p>As communities, schools, and community centers begin to open their doors again, it’s time to evaluate safety and security plans. This starts with a safety audit of all policies, procedures, and technology currently in place. This audit often reveals gaps in a business’ safety plan, room for improvement, and an opportunity to adopt additional technology and resources.</p><p>Most facilities utilize a variety of technologies that each have separate jobs, such as security monitoring and communications. More specifically, these can range from fire panels to access control, security cameras, and intercoms. These are all important tools, but when siloed they don’t create a holistic safety solution; rather, they address only a small set of safety concerns. These systems should be unified under a single platform to instead create a holistic safety solution. 
Implementing situational awareness and response technology is a great solution for many businesses as it integrates all of their security and safety systems onto one platform to improve communication, workflow and operations, especially in an emergency situation.</p><p> </p><p><strong>Beyond closed doors</strong></p> <p>The first point of access to each building is the doorway. Schools vary in their entry points from having a manual sign-in at the front desk to keycard entry. Regardless of the method, point-of-entry access control systems are essential for optimum security. The ideal security system allows an individual from anywhere in the building to both see and communicate with visitors BEFORE they enter the building. Allowing staff to monitor and restrict access through the facility gives them as much information as possible to make an informed decision about visitors entering the building. Additionally, credential tracking and permissions, including key cards and PIN codes, add an extra level of security, and can be implemented throughout the building. Lastly, any access point can be monitored, and alarms can be sent for a propped door or open points of access to notify the proper individuals. Identifying areas of improvement at access points is a great first step to establishing a comprehensive plan.</p><p><strong>Identifying the right audience for the right situation</strong></p><p>Situational awareness technology addresses building security BEFORE the point of entry. Rather than waiting behind closed doors for intruders or unintended visitors, employees can receive an alert on their phone or handheld device containing detailed information (preventing staff from being tied to a desk). The alert can even contain live video footage pulled from security cameras. 
The employee can then permit or deny access directly from their phone with the push of a button or secure the building in the case of a threat. For example, if a fire alarm is pulled, a building administrator can instantly view the activated alarm to determine whether the device was activated for a fire, or for a potentially dangerous situation.</p> <p>In the case of an active shooter inside the building, situational awareness technology notifies the <em>right people, </em>with the<em> right information</em> in the shortest amount of time. From notifying law enforcement to employees and loved ones, technology can play a vital role in making sure everyone is aware of the situation, but most importantly responding quickly.</p><p>This cuts down on people wondering what to do if they see something suspicious or are in shock amid an emergency. Instead, a protocol is put in place and executed for the use of a panic button to alert people of the situation immediately. This ensures that every second is being optimally utilized and that emergency help is alerted in real-time.</p><p> </p><p><strong>The role of mental health</strong></p><p>While several factors have led to school shootings, mental health is one that cannot be ignored. According to a <a href="https://www.counseling.org/docs/default-source/vistas/school-shootings-and-student-mental-health.p">recent report</a>, staff members need to be able to quickly identify students who may exhibit violence or be a victim of it by examining and analyzing patterns and trends in their behaviors. A number of factors should be considered including attendance records, student grades, previous history or pattern of behavioral issues, and experience with bullying. With the day's multiple touchpoints with students visible on one platform, staff are able to view all interactions in one place to help identify trends or issues. 
For example, if a student is consistently absent from lunch on a certain day of the week, administrators may be able to identify that the student is facing food insecurity, or being bullied by another student during the lunch hour. Consolidating information onto a single platform not only improves efficiency but also has the potential to spot issues before they occur.</p><p> </p><p><strong>Implications beyond gun violence</strong></p><p>Administrators can also use mass notification to inform students and their parents of important updates, such as closures, COVID-19 exposures, or new guidelines. And the benefits go beyond addressing problems the pandemic has created; an automated alerting platform can streamline lockdowns, evacuations, severe weather responses, medical emergencies, and many typical day-to-day events. By implementing an automated platform, schools are not only preparing for active shooter situations but also preparing for the future.</p><p>By maintaining the safety, conditions, and security of their school buildings, administrators can ensure that when the time comes for students to return, they are more ready than ever. Running a school is already a demanding job and with COVID-19 and an increase in gun violence adding even more pressure and complications, it’s easy to let things get swept under the rug, resulting in a minor issue becoming a major problem. To avoid this, it’s worth investing in a solution that can catch an issue before it escalates, relieving staff from doing unnecessary work and allowing them to focus on what’s really important.</p><p> </p><p><strong>Community supporting community</strong></p><p>Unfortunately, the number of mass shootings in 2020 wasn’t isolated to schools. Stores, malls, and restaurants have also been targets. Many of the same steps being taken in schools can be applied to help protect the community’s most vulnerable populations. 
Mass notification technology can be used in administrative buildings, senior living, and retail facilities.</p><p>Recently, <a href="https://www.statussolutions.com/blount-county-schools/">Blount County</a> School District implemented situational awareness and mass notification technology to help with emergencies and active shooter situations. Each school had a different set of needs and requirements for its program. By unifying ALL of the systems within a school and automating alert processes the school is not only able to cut down response time, but also make sure the right individuals are receiving the right information at the right time. In a mass shooting situation, one minute can be the difference between life or death. While it can be overwhelming for schools to take on such a challenging and complex issue, starting with an evaluation, and identifying key areas of opportunity/improvement and incorporating a comprehensive safety plan, schools can take steps necessary towards a brighter and safer future for our children, students and staff.</p><p><strong>This article originally ran in <em>Security</em>, a twice-monthly security-focused eNewsletter for security end users, brought to you by <em>Security</em> Magazine.</strong> <u><a href="https://bnp.dragonforms.com/init.do?pk=W.HOME&amp;omedasite=BNP6090_Vtnew">Subscribe here</a></u>.</p></div>

How to safeguard and optimize your assets through IoT and AI

  • Matthew Kushner
  • Published date: 2021-06-22 00:00:00


<div class="body gsd-paywall article-body"><p>Whether it’s the products we manufacture, the buildings we work in, or the information we gather, it's the assets within a company, if properly managed by people, that can help the company grow and develop. If not protected, these assets can be affected by vulnerabilities, waste, loss, and inefficiencies – safeguarding them during every stage of the production cycle is integral. But businesses can’t protect and control what they can’t see.</p><p>Leveraging Internet of Things (IoT) technology, along with a comprehensive security strategy and proper security technologies, can provide a solution, giving businesses across all industries more visibility than ever before. Using smart technologies, such as sensors, GPS, and tags – in conjunction with technologies like 5G – companies can keep track of where their assets have been, where they’re going, and who’s been in contact with them.</p> <p>And, by combining IoT technology with artificial intelligence (AI), we are rapidly moving from a real-time notification-based approach to a forward-looking solutions-based one. The wealth of data collected by IoT devices can be aggregated and parsed to build machine learning models that identify exceptions and predict new outcomes, whether these are operational, safety, security, or health-oriented.</p><p>So how can business leaders utilize these technologies to safeguard their assets and optimize operations, and what do they need to consider?</p><p> </p><p><strong>Leveraging IoT today</strong></p> <p>IoT adoption is accelerating rapidly. COVID-19 has increased the demand for remote monitoring, and the rise of 5G and cloud computing, as well as smaller and cheaper sensors, is increasing the range of applications. 
In fact, a recent study from Juniper Research predicted that the current number of IoT connections will <a href="https://www.juniperresearch.com/press/iot-connections-to-reach-83-bn-by-2024">more than double by 2024, reaching 83 billion</a>. Companies that delay the adoption of this disruptive technology risk falling behind in a post-pandemic world.</p><p>Luckily, implementing this technology does not have to mean replacing existing equipment. In many cases, companies can retrofit existing security infrastructure, such as video monitoring and geolocation tracking, with IoT sensors. As a result, spending on security becomes much more than a mandatory cost – it becomes an investment which enables businesses to unlock the value of their asset-based data. Companies that make this investment can see benefits across all aspects of the business, including improvements in efficiency, cost, quality, and customer service.</p><p> </p><p><strong>Powering smart factories and supply chains</strong></p> <p>The move toward smart manufacturing has accelerated in the wake of the COVID-19 pandemic. The "fourth industrial revolution" will rely on IoT technology to monitor production, automation, planning, quality, and compliance. By connecting internet-enabled sensors to existing monitoring and surveillance systems, operators can collect real-time data on the status of their assets, allowing them to diagnose malfunctioning equipment, anticipate maintenance requirements, and identify machines that are not working to their full capacity. This insight will allow companies to enhance risk management, minimize downtime, and increase operating efficiency.</p><p>Once goods leave the factory, an enormous amount of waste can occur through the logistics process. 
In the past, monitoring goods in motion has presented a major challenge, but with IoT-enabled asset tracking solutions, logistics teams can keep tabs on shipments at every point along the supply chain. With automated data collection comes a whole host of benefits for both security and efficiency. AI technology can identify patterns and detect anomalies in the data, flagging any changes in storage conditions – such as temperature, pressure, humidity, air quality, and vibration – that could damage goods. In the absence of this data, companies risk delays, lost sales, customer dissatisfaction, and liability. </p><p> </p><p><strong>Keeping IoT security front of mind </strong></p><p>With all this information comes the importance of data protection. As cyber threats become more of a risk, businesses are increasingly expected to deliver on their commitment to data privacy – and oversights can be extremely costly. A data breach can result in workers and customers backing away from adoption and companies facing litigation issues, stunting the growth of the positive aspects of this technology.</p><p>When leveraging IoT with security technologies, it is vital that business leaders are conscious of the two aspects of data protection: data privacy and data security. You can have the highest regard for data privacy – putting policies in place to govern how data is collected, shared, and used – but your data security needs to be up to scratch to enforce these policies and protect against unauthorized access.</p><p> </p><p><strong>Powering progress</strong><br> The safeguarding of company assets, whether they be data or product, should be at the top of any organization’s agenda. 
When these assets are protected, people are empowered to grow businesses, build communities, and develop new and more efficient systems of production.​ Advances in technology are offering business leaders opportunities to leverage their existing security systems to not only better protect their assets but optimize their operations. With IoT and AI, security is no longer only a cost center, but a driver of competitive advantage.</p><div> <div style="margin-left:auto;"> <p><strong>This article originally ran in <em>Security</em>, a twice-monthly security-focused eNewsletter for security end users, brought to you by <em>Security</em> Magazine.</strong> <u><a href="https://bnp.dragonforms.com/init.do?pk=W.HOME&amp;omedasite=BNP6090_Vtnew">Subscribe here</a></u>.</p> </div> </div></div>