ReportWire

Tag: cyber attacks

  • The Shocking Cost of Vendor Data Breaches | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    Modern supply chains are a complex web of interconnected, intertwined digital ecosystems, each supporting the other. Look around you, and everything from how your workstations perform to how your data is being managed consists of several different suppliers and vendors, beyond what might be evident to you on first glance.

    You may have bought your web domain from an American company, but your hosting servers are in Europe. You probably bought your cloud infrastructure from AWS or Google, but your data is being stored in a remote village in Norway.

    Beyond what is visible lies a plethora of vendors and suppliers that work together like clockwork to make sure your business infrastructure remains up and running.

    However, this is where the problem begins. A single outage, data breach or fault with one of these vendors can have a devastating ripple effect on your business operations.

    Your direct vendor might not even be responsible, but their service might depend on a third-party provider, with whom you have no connection, and yet, your business takes the complete brunt of the situation.

    Therefore, in today’s world, companies don’t just have to prepare for internal data risks but also think about the data risks posed to their suppliers and vendors.

    Vulnerabilities due to a web of interdependencies

    In 2021, millions of websites across the world suddenly went offline. This included business websites, banks, ecommerce ports and even government agencies. In fact, it took out a major chunk of European and mostly French websites.

    After a couple of hours, it was found that one of the four data centers owned by the company OVHcloud was destroyed due to a fire.

    While the data centers supposedly had backups, the resulting damage in terms of data breaches and lost business cost tens of millions of dollars.

    Even some of the largest companies in the world are regularly attacked and are susceptible to data leaks.

    Orange Belgium’s data breach exposed information of 850,000 customers. Allianz Life’s data breach exposed personal information of more than a million customers, and a Qantas cyberattack leaked information on over six million airline customers!

    More recently, a ransomware attack on the UK’s NHS (National Health Service) disrupted blood tests across several London hospitals, eventually leading to the death of at least one patient. The software provider for the NHS, Advanced Computer Systems, was eventually fined £3 million, but only after an innocent life had already been lost.

    While these large organizations cannot be solely blamed, it is clear that even if you have the most robust IT and security infrastructure within your organization, you are never immune to the vulnerabilities of your vendors.

    Common mistakes that lead to weak data management

    Similar to the example of OVHcloud, many vendors simply lack a robust backup system to ensure operations run smoothly — this is where the problem starts. Due to a poor backup system, they also have an insufficient disaster recovery plan in case of a ransomware attack. Therefore, a fire in only one of their four data centers brought down millions of their customers’ websites.

    Another example might be the NHS’s software. They probably had data integrity checks built into their security, but they were insufficient, making it easy for an attack to take place across a number of locations. Overall, a reliance on manual recovery efforts and weak cybersecurity practices creates vulnerabilities that can have devastating consequences.

    Cost of a vendor data crisis

    Any data breaches or attacks on your vendors will have a direct impact on your business. It can directly result in operational downtime, which can include workflows that completely stop working, supply chain disruptions, invoicing issues and much more.

    In the short run, it can lead to lost sales, SLA breaches and even penalties, while in the long run, the financial impact due to reputational damage can be even worse. If customers can’t trust you to deliver on time or protect their data, they might never return.

    It’s important to safeguard your business against such scenarios, and there are a couple of steps that can help you mitigate these.

    How to mitigate a vendor data crisis

    Before signing a contract with a vendor, it’s important to do your due diligence and assess their data and security infrastructure. This might seem instructive, but it is one of the important first steps you can take to protect your business and data against vulnerabilities.

    It is also important to carry out regular audits and ensure SLAs are met and that they are up-to-date with industry standards.

    Overall, there needs to be a plan for diversification so that no single vendor can impact a critical workflow.

    Why it’s important to have robust data recovery tools

    Despite all the due diligence and backups, no system is 100% fail-proof. This is why your business must have reliable recovery tools that can help recover damaged files, important emails and even complete databases, making sure your organization can be back on its feet as soon as possible.

    A company’s data can be worth tens of thousands of dollars for a small business and much more for a larger organization. Using such software is the perfect safety net when prevention fails.

    Chongwei Chen

  • Passwords Won’t Secure Your Identity. Here’s What Will. | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    Our lives have migrated to a virtual world to the point where our emails have become an entry point to our identity. Medical records, employment history, education, world views and all that comes to mind, which pertains to who we are as people, likely have some form of digital footprint that can be traced back to us. While this can translate to seamless convenience, whether personalized recommendations or quick product deliveries, there remains a risk of exposure that threat actors constantly exploit.

    The tech titans who handle our data and boast a robust security infrastructure are the same ones who lost control of our data. With 16 billion Apple, Facebook, Google and other passwords leaked, a large question mark looms over the reliability of traditional security systems. The centralized databases and login processes of yesteryear are simply unable to keep up with today’s increasingly sophisticated cyber threats. Our passwords and two-factor authentication fall short in securing our digital identities.

    Digitization outpacing security

    Digitization has become deeply entrenched in the fabric of how we operate as a society on a global scale, with 5.56 billion people online today and 402.74 million terabytes of data generated on a daily basis. The dizzying numbers demonstrate the breakneck speed with which every aspect of our lives has taken a virtual shape, and with it, the proliferation of the conversation about how we secure the digital world we have created.

    With the current security measures in use, cybercrime is expected to cost over $639 billion in the United States this year, with the costs expected to balloon as far as $1.82 trillion by 2028. In light of such projected costs, the development of a secure infrastructure is a priority that requires immediate attention, one that could compromise digital identity if disregarded.

    Decentralize to prevent compromise

    The centralized databases of tech titans mean that there is one location, one source of truth, and if it is compromised, everything it contains is leaked, as was the case with the leaked passwords. If not a leak, then a ransomware attack that disrupts the systems on which our digital lives operate. This kind of disruption can cascade to fundamental services such as healthcare, as a recent ransomware attack caused a system-wide tech outage at a large network of medical centers in Ohio, cancelling inpatient and outpatient procedures.

    Centralization’s single point of failure calls for a shift in how to operate tech infrastructures — a shift to decentralized data storage. Unlike centralized systems, blockchain networks distribute data across a large multitude of nodes that are in constant verification of one another through cryptographic consensus. To verify the data, the majority of nodes must be in agreement, a majority that rejects tampered “blocks” or compromised nodes. This means that there is no single repository that can be compromised, as attackers would need to compromise the majority of the nodes, a task immensely more challenging than the common compromise of a centralized server.

    Use the physical to verify the virtual

    The beauty of blockchain technology is its ownership element. As everything is secured by cryptography, the only way to “decrypt” the data and access it is through your own private keys. However, if a threat actor is to gain access to your private keys, they also gain access to your data and funds, posing a threat that puts in question how secure the shift from centralized to decentralized storage really is.

    If a private key is proof of one’s identity, then its loss equates to the loss of one’s digital identity, a compromise that can only be secured by undeniable proof that the owner of the keys is indeed who they claim to be. This is where biometric authentication becomes the final piece in the puzzle of securing one’s digital identity in a decentralized infrastructure.

    Using one’s fingerprint in an offline environment for identity verification not only ensures ownership of data and its security but also prevents the exposure of biometric data to a server where it could be breached. This creates a new paradigm that deems passwords and two-factor authentication obsolete. Building on such a methodology opens pathways for a secure digital identity and KYC verification on a decentralized infrastructure, leaving no room for threat actors to compromise digital identities.

    The conversation on digital security is the result of an absolute necessity in the face of increasingly sophisticated cyber attacks. However, adding uppercase letters, symbols and numbers to your password will not be enough. The added layer of two-factor authentication will not be enough either. More steps do not equate to more security. The future of security lies in an infrastructure shift from the centralized to the decentralized, protected by a layer of biometric authentication that ensures that one’s digital identity is secured.

    Venket Naga

  • How to Protect Your Company From Deepfake Fraud | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In 2024, a scammer used deepfake audio and video to impersonate Ferrari CEO Benedetto Vigna and attempted to authorize a wire transfer, reportedly tied to an acquisition. Ferrari never confirmed the amount, which rumors placed in the millions of euros.

    The scheme failed when an executive assistant stopped it by asking a security question only the real CEO could answer.

    This isn’t sci-fi. Deepfakes have jumped from political misinformation to corporate fraud. Ferrari foiled this one — but other companies haven’t been so lucky.

    Executive deepfake attacks are no longer rare outliers. They’re strategic, scalable and surging. If your company hasn’t faced one yet, odds are it’s only a matter of time.

    How AI empowers imposters

    You need less than three minutes of a CEO’s public video — and under $15 worth of software — to make a convincing deepfake.

    With just a short YouTube clip, AI software can recreate a person’s face and voice in real time. No studio. No Hollywood budget. Just a laptop and someone ready to use it.

    In Q1 2025, deepfake fraud cost an estimated $200 million globally, according to Resemble AI’s Q1 2025 Deepfake Incident Report. These are not pranks — they’re targeted heists hitting C‑suite wallets.

    The biggest liability isn’t technical infrastructure; it’s trust.

    Why the C‑suite is a prime target

    Executives make easy targets because:

    • They share earnings calls, webinars and LinkedIn videos that feed training data

    • Their words carry weight — teams obey with little pushback

    • They approve big payments fast, often without red flags

    In a Deloitte poll from May 2024, 26% of execs said someone had tried a deepfake scam on their financial data in the past year.

    Behind the scenes, these attacks often begin with stolen credentials harvested from malware infections. One criminal group develops the malware, another scours leaks for promising targets — company names, exec titles and email patterns.

    Multivector engagement follows: text, email, social media chats — building familiarity and trust before a live video or voice deepfake seals the deal. The final stage? A faked order from the top and a wire transfer to nowhere.

    Common attack tactics

    Voice cloning:

    In 2024, the U.S. saw over 845,000 imposter scams, according to data from the Federal Trade Commission. This shows that seconds of audio can make a convincing clone.

    Attackers hide by using encrypted chats — WhatsApp or personal phones — to skirt IT controls.

    One notable case: In 2021, a UAE bank manager got a call mimicking the regional director’s voice. He wired $35 million to a fraudster.

    Live video deepfakes:

    AI now enables real-time video impersonation, as nearly happened in the Ferrari case. The attacker created a synthetic video call of CEO Benedetto Vigna that nearly fooled staff.

    Staged, multi-channel social engineering:

    Attackers often build pretexts over time — fake recruiter emails, LinkedIn chats, calendar invites — before a call.

    These tactics echo other scams like counterfeit ads: Criminals duplicate legitimate brand campaigns, then trick users onto fake landing pages to steal data or sell knockoffs. Users blame the real brand, compounding reputational damage.

    Multivector trust-building works the same way in executive impersonation: Familiarity opens the door, and AI walks right through it.

    What if someone deepfakes the C‑suite

    Ferrari came close to wiring funds after a live deepfake of their CEO. Only an assistant’s quick challenge about a personal security question stopped it. While no money was lost in this case, the incident raised concerns about how AI-enabled fraud might exploit executive workflows.

    Other companies weren’t so lucky. In the UAE case above, a deepfaked phone call and forged documents led to a $35 million loss. Only $400,000 was later traced to U.S. accounts — the rest vanished. Law enforcement never identified the perpetrators.

    A 2023 case involved a Beazley-insured company, where a finance director received a deepfaked WhatsApp video of the CEO. Over two weeks, they transferred $6 million to a bogus account in Hong Kong. While insurance helped recover the financial loss, the incident still disrupted operations and exposed critical vulnerabilities.

    The shift from passive misinformation to active manipulation changes the game entirely. Deepfake attacks aren’t just threats to reputation or financial survival anymore — they directly undermine trust and operational integrity.

    How to protect the C‑suite

    • Audit public executive content.

      • Limit unnecessary executive exposure in video/audio formats.

      • Ask: Does the CFO need to be in every public webinar?

    • Enforce multi-factor verification.

      • Always verify high-risk requests through secondary channels — not just email or video. Avoid putting full trust in any one medium.

    • Adopt AI-powered detection tools.

      • Use tools that fight fire with fire by leveraging AI features for AI-generated fake content detection:

        • Photo analysis: Detects AI-generated images by spotting facial irregularities, lighting issues or visual inconsistencies

        • Video analysis: Flags deepfakes by examining unnatural movements, frame glitches and facial syncing errors

        • Voice analysis: Identifies synthetic speech by analyzing tone, cadence and voice pattern mismatches

        • Ad monitoring: Detects deepfake ads featuring AI-generated executive likenesses, fake endorsements or manipulated video/audio clips

        • Impersonation detection: Spots deepfakes by identifying mismatched voice, face or behavior patterns used to mimic real people

        • Fake support line detection: Identifies fraudulent customer service channels — including cloned phone numbers, spoofed websites or AI-run chatbots designed to impersonate real brands

    But beware: Criminals use AI too and often move faster. At the moment, criminals are using more advanced AI in their attacks than we are using in our defense systems.

    Strategies that are all about preventative technology are likely to fail — attackers will always find ways in. Thorough personnel training is just as crucial as technology is to catch deepfakes and social engineering and to thwart attacks.

    Train with realistic simulations:

    Use simulated phishing and deepfake drills to test your team. For example, some security platforms now simulate deepfake-based attacks to train employees and flag vulnerabilities to AI-generated content.

    Just as we train AI using the best data, the same applies to humans: Gather realistic samples, simulate real deepfake attacks and measure responses.

    Develop an incident response playbook:

    Create an incident response plan with clear roles and escalation steps. Test it regularly — don’t wait until you need it. Data leaks and AI-powered attacks can’t be fully prevented. But with the right tools and training, you can stop impersonation before it becomes infiltration.

    Trust is the new attack vector

    Deepfake fraud isn’t just clever code; it hits where it hurts — your trust.

    When an attacker mimics the CEO’s face or voice, they don’t just wear a mask. They seize the very authority that keeps your company running. In an age where voice and video can be forged in seconds, trust must be earned — and verified — every time.

    Don’t just upgrade your firewalls and test your systems. Train your people. Review your public-facing content. A trusted voice can still be a threat — pause and confirm.

    Ivan Shkvarun

  • Cyber Attacks Are Inevitable — So Stop Preparing For If One Happens and Start Preparing For When One Will | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In 2024, organizations faced an average of 1,308 cyber attacks per week in Q1, a 28% rise from the previous quarter and 5% year-over-year. And what’s even more worrisome is that cybercrime losses reached $12.8 billion in 2023 and are expected to hit $23.84 trillion by 2027.

    Undoubtedly, securing your business in today’s digital business landscape isn’t just about protecting against cyber threats — it’s about resilience.

    You can always fall for the latest threats since cybercriminals are becoming increasingly sophisticated while sneaking into business networks. Hence, you need a more robust cybersecurity plan backed by cyber resilience that goes beyond conventional cybersecurity strategy.

    Cyber resilience isn’t a buzzword; it’s a necessity and a proactive approach that goes beyond conventional security. It ensures your organization withstands and recovers from potential threats without much impact on your business.

    In a nutshell, cyber resilience is about building walls of protection and having the resilience to bounce back stronger.

    Let’s discover why embracing resilience should be a top priority for businesses to ensure continuity and future success in the ever-expanding cybersecurity landscape.

    Why your business needs cyber resilience

    Cyber resilience is your organization’s ability to prevent, withstand and smoothly recover from various cybersecurity incidents. Cyber resilience isn’t about preventing cyberattacks — it’s about ensuring your organization can swiftly recover and continue to operate after an incident.

    Nobody can predict the next threat to your organization and customers, especially in an era where machine learning and artificial intelligence have broadened the horizons and increased threat vectors.

    Hence, a robust incident response plan is undeniably the need of the hour for businesses that are about to reinvent their cybersecurity posture.

    Remember, a cybersecurity strategy lacking a robust incident response plan is good for nothing since cybercriminals are already exploring new ways to target end users and customers to exploit their personal information and gain access to sensitive business details.

    On the other hand, cyber resilience not only ensures stringent cybersecurity against immediate threats but eventually mitigates long-term costs. Hence, investing in cyber resilience would surely safeguard your business from financial devastation and ensure smooth continuity.

    Now that we’ve learned about cyber resilience and its importance, let’s emphasize how you can incorporate it into your business.

    Is your organization truly protected?

    Most businesses mistake cyber resilience for cybersecurity. However, they are pretty different and hold their own importance at different levels.

    Securing your organization against modern threats is crucial, but it’s also important to prepare for the worst. For example, you must have a plan to deal with a data or privacy breach.

    If you wish to protect your organization from the latest threats, your cybersecurity must include a comprehensive cyber resilience checklist.

    Whether it is regular audits, employee training, or advanced threat detection through technology, you must always be geared up to handle any cyber incident.

    Your cybersecurity checklist to supercharge your cyber resilience

    1. Regular security audits

    Scheduled audits are crucial to uncover potential threats and vulnerabilities before cybercriminals can exploit them. Addressing the issues well in advance can help you prepare a solid plan for the worst-case scenario and bounce back stronger.

    Here’s what you can do:

    • Look for outdated software: It’s crucial to check and update your defense software and firewalls since outdated software is more susceptible to ransomware attacks and other threats.
    • Incident response drill: Organizing an incident response drill will help identify gaps in your communication protocol and eventually help you overcome the delayed response time during a cyberattack. Hence, scheduling quarterly incident response drills is crucial once you’ve completed the security audit.
    • Engage third-party experts: Involving third-party cybersecurity experts can provide an unbiased evaluation of your security measures and help create a robust cyber resilience program. Experts can uncover vulnerabilities your internal teams might overlook and help prepare an action response plan accordingly.

    2. Strengthening your human firewall through employee training and awareness programs

    Human error leads to cybersecurity breaches. Ensuring your employees are well-trained to handle any vulnerability is critical to building cyber resilience.

    • Regular training sessions: Regular training and updating your employees on the latest threat vectors and best practices are essential. Using real-world scenarios to illustrate various threats and their corresponding responses would shield your organization from potential threats and minimize losses during an unforeseen event.
    • Phishing simulations: Implementing phishing simulations to test your employees’ ability to recognize and respond to phishing attacks is crucial for safeguarding sensitive information. Using the results to identify improvement areas will help tailor training to minimize human error.
    • Clear policies and procedures: Establishing clear cybersecurity procedures and policies within your organization is crucial to building resilience. Ensure the policies are easily accessible and understood by everyone in the organization.

    3. Building a robust incident response team is your frontline defense

    A dedicated incident response team is all you need for swift and effective action during a cybersecurity incident. This will help minimize the impact, leading to fewer financial and reputational losses.

    • Define roles and responsibilities: You must clearly define roles and responsibilities for every team member regardless of their job title and experience. It’s crucial to ensure that everyone knows their duties and can act on them promptly during an incident.
    • Invoke the potential of modern tools and technologies: Using threat intelligence tools, data encryption, multi-factor authentication (MFA), and Zero Trust architecture can reinforce your overall cybersecurity resilience program.
    • Continuous improvement: Conduct a thorough review to identify areas for improvement after every drill and incident. This will help you continuously update your incident response plan based on the recent findings.

    Final thoughts

    In this modern digital business landscape, the increasing cyber threats and sophistication of cybercriminals demand next-level security — cyber resilience.

    Cyber resilience is a vital strategy for businesses to ensure they stay up and running even in the event of a cyber incident and can quickly contain a breach without financial and reputational losses.

    Hence, embracing cyber resilience shouldn’t be a luxury; it must be an essential pillar of your cybersecurity foundation.

    Rakesh Soni

  • GTA Hacker Gets Life Sentence for Stealing $10 Million Data | Entrepreneur

    Arion Kurtaj’s joyride as a Grand Theft Auto (GTA) criminal appears to have crashed and burned.

    The 18-year-old hacker from Oxfordshire, UK, played a crucial role in the Lapsus$ group — an international cybercrime syndicate that inflicted nearly $10 million in damages to several high-profile tech companies, including Uber, Nvidia, and Rockstar Games (the company that makes GTA), according to the BBC.

    Kurtaj’s most infamous crime was breaching Rockstar while in police custody and releasing 90 clips of unreleased Grand Theft Auto 6 footage.

    Despite being on bail for hacking Nvidia and having his laptop confiscated, Kurtaj still managed to break into Rockstar’s servers from a Travelodge motel, using an Amazon Firestick, the hotel TV, and a mobile phone.

    He then broke into the company’s internal Slack with a warning, “If Rockstar does not contact me on Telegram within 24 hours, I will start releasing the source code.”

    Autism cited

    Kurtaj has severe autism and was reportedly quite violent in custody, injuring people and damaging property. The severity of his disorder led to the court’s decision to confine him to a secure medical facility indefinitely.

    According to a mental health assessment, he “continued to express the intent to return to cyber-crime as soon as possible. He is highly motivated.”

    In contrast, a 17-year-old Lapsus$ member, whose identity remains protected, was issued an 18-month Youth Rehabilitation Order. Both youths stand as the first convicted members of the Lapsus$ gang. Other suspects remain at large.

    Kurtaj’s defense team argued that the success of the recently released GTA 6 trailer, with over 128 million views in just four days, signaled minimal harm to Rockstar Games.

    But Judge Patricia Lees said extensive damage was done to the actual victims of the group’s numerous cyber attacks. In addition to Rockstar Games having to pay Lapsus$ $5 million to recover its data, other hacks by Lapsus$ involved threatening communications sent to thousands of cell phone customers and stealing money from cryptocurrency wallets.

    “This case serves as an example of the dangers that young people can be drawn towards whilst online and the serious consequences it can have for someone’s broader future,” said Detective Chief Superintendent Amanda Horsburgh from the City of London Police.

    Jonathan Small

  • Cybersecurity Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In the ever-evolving landscape of cybersecurity threats, the traditional castle-and-moat approach is proving increasingly inadequate. The global average data breach cost in 2023 was $4.45 million. Compared with 2020, this is a 15% increase. Organizations must fortify their defenses with proactive and comprehensive strategies as cyber adversaries grow more sophisticated. In this era of uncertainty, the key to resilience lies in continuous monitoring.

    Understanding the value of continuous monitoring

    At its core, continuous monitoring is not just a tool but a mindset — a proactive and comprehensive approach to cybersecurity. It transcends the reactive measures of the past, emphasizing continuous data collection, analysis and correlation. It is also not a one-time event but a perpetual vigilance system that allows organizations to stay one step ahead of cyber adversaries.

    The primary benefit, of course, is identifying threats early on. Furthermore, employing advanced analytics and machine learning helps go beyond signature-based detection and recognize anomalies that may indicate potential threats. This proactive stance is crucial in the dynamic landscape of cyber threats, where speed is often the differentiator between containment and catastrophe.

    When breaches occur, and they inevitably will, the monitoring system plays a pivotal role in isolating compromised systems and containing malware. This containment strategy limits the blast radius of an attack, preventing the spread of malicious entities within the network. In the aftermath of a breach, the ability to swiftly and effectively mitigate the impact is a testament to the resilience afforded by continuous monitoring.

    Knowing is half the battle, especially in the realm of cybersecurity. Continuous monitoring gives organizations valuable insights into attacker tactics, techniques and procedures (TTPs). Organizations can strengthen their security controls and create an adaptive defense architecture by understanding how adversaries operate.

    Beyond resilience, in an era of stringent regulations and compliance standards, monitoring is crucial in demonstrating adherence to industry guidelines. By providing continuous visibility into security postures and monitoring activities, organizations can proactively address compliance requirements, avoiding the pitfalls of non-compliance.

    Finally, the financial burden of cyberattacks extends far beyond immediate remediation costs. Minimizing the impact of breaches and optimizing incident response significantly reduces the overall economic toll of cyber incidents. It transforms cybersecurity from a necessary expense into a strategic investment that safeguards data and the bottom line.

    Executing continuous monitoring in your organization

    To offer complete visibility, a comprehensive monitoring plan should consider every endpoint, network, and software your company utilizes. As such, the first step is assessing every asset within the corporate network. However, not all assets are equal. Prioritizing monitoring efforts is essential to protect the most valuable information. Allowing organizations to focus their resources where they matter most helps create a targeted defense that fortifies the digital crown jewels.

    A monitoring architecture should also include an incident response plan. Incident reporting is essential because it allows organizations to record, respond to, and learn from cyberattacks. Well-defined incident response procedures ensure that organizations can react swiftly and decisively to mitigate potential damage when a threat is detected.

    Selecting the most suitable technology and monitoring tools is a crucial choice. To have complete visibility, the monitoring architecture established must account for every attack vector that can be used to launch a cyberattack. Considering the expanding nature of today’s attack surface, choosing the right tools is paramount.

    For instance, most enterprises start with a Security Information and Event Management (SIEM) tool, followed by Endpoint Detection and Response (EDR) and a Unified Endpoint Management (UEM) solution. SIEM searches for patterns that make it easier for security teams to recognize attacks, breaches, and technical problems. An EDR, on the other hand, collects data from each endpoint and uses AI to determine threats.

    While on the outside, both SIEM and EDR offer visibility, EDRs focus on endpoints, and SIEM covers the entire network. However, EDR offers deeper capabilities regarding incident response, allowing security teams to fight back. UEMs, on the other hand, utilize their remote capabilities to keep track of device compliance. Furthermore, non-compliant devices, once identified, can be flagged and managed remotely. With new national and international regulations emerging, the consequences of non-compliance are grave indeed.

    The chosen tools must seamlessly integrate into the existing cybersecurity ecosystem, whether it’s network monitoring, endpoint monitoring or threat intelligence platforms. For example, selecting a SIEM with data loss prevention or a UEM with patch management capabilities saves IT teams from managing multiple platforms.

    Finally, let’s say you have implemented a reliable architecture. This, however, is not the end. There are always fresh risks to be aware of in the evolving field of cybersecurity. To respond to changing threats, continual improvement and refining are necessary. Regular reviews and updates ensure that the watchtower remains vigilant and resilient in the ever-changing cyber threat landscape.

    Last but not least — your employees. An issue with complex tools like SIEMs is that they require skilled security professionals to manage. Beyond security professionals, each employee must be updated on the latest cyber threats and attack vectors through regular workshops and training sessions. Knowing how criminals breach security will help them notice the minute details and signs that could help them identify a breach. Moreover, it also impacts how well they respond to a cybersecurity dilemma.

    Going forward

    As cyber threats become more sophisticated, the significance of continuous security monitoring continues to grow. It is not an exaggeration to portray it as a vital tool for businesses looking to safeguard their assets and ensure business continuity — in fact, doing so is a strategic requirement. The agility and responsiveness afforded by continuous monitoring are the building blocks of a resilient cybersecurity strategy in an age where digital disruption is the norm.

    Apu Pavithran

  • Deepfakes are Lurking in 2024 — Here's How to Unmask Them | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    As artificial intelligence (AI) takes the world by storm, one particular facet of this technology has left people in both awe and apprehension. Deepfakes, which are synthetic media created using artificial intelligence, have come a long way since their inception. According to a survey by iProov, 43% of global respondents admit that they would not be able to tell the difference between a real video and a deepfake.

    As we navigate the threat landscape in 2024, it becomes increasingly vital to understand the implications of this technology and the measures to counter its potential misuse.

    The evolution of deepfake technology

    The trajectory of deepfake technology has been nothing short of a technological marvel. Deepfakes were characterized by relatively crude manipulations in their infancy, often discernible due to subtle imperfections. These early iterations, though intriguing, lacked the finesse that would later become synonymous with the term “deepfake.”

    As we navigate the technological landscape of 2024, the progression of deepfake sophistication is evident. This evolution is intricately tied to the rapid advancements in machine learning. The algorithms powering deepfakes have become more adept at analyzing and replicating intricate human expressions, nuances, and mannerisms. The result is a generation of synthetic media that, at first glance, can be indistinguishable from authentic content.

    The threat of deepfakes

    This heightened realism in deepfake videos is causing a ripple of concern throughout society. The ability to create hyper-realistic videos that convincingly depict individuals saying or doing things they never did has raised ethical, social, and political questions. The potential for these synthetic videos to deceive, manipulate, and mislead is a cause for genuine apprehension.

    Earlier this year, Google CEO Sundar Pichai warned people about the dangers of AI content, saying, “It will be possible with AI to create, you know, a video easily. Where it could be Scott saying something or me saying something, and we never said that. And it could look accurate. But you know, on a societal scale, you know, it can cause a lot of harm.”

    As we delve deeper into 2024, the realism achieved by deepfake videos is pushing the boundaries of what was once thought possible. Faces can be seamlessly superimposed onto different bodies, and voices can be cloned with uncanny accuracy. This not only challenges our ability to discern fact from fiction but also poses a threat to the very foundations of trust in the information we consume. A report by Sensity shows that the number of deepfakes created has been doubling every six months.

    The impact of hyper-realistic, deepfake videos extends beyond entertainment and can potentially disrupt various facets of society. From impersonating public figures to fabricating evidence, the consequences of this technology can be far-reaching. The notion of “seeing is believing” becomes increasingly tenuous, prompting a critical examination of our reliance on visual and auditory cues as markers of truth.

    In this era of heightened digital manipulation, it becomes imperative for individuals, institutions, and technology developers to stay ahead of the curve. As we grapple with these advancements’ ethical implications and societal consequences, the need for robust countermeasures, ethical guidelines, and a vigilant public becomes more apparent than ever.

    Countermeasures and prevention strategies

    Governments and industries globally are not mere spectators in the face of the deepfake menace; they have stepped onto the battlefield with a recognition of the urgency that the situation demands. According to reports, the Pentagon, through the Defense Advanced Research Projects Agency (DARPA), is working with several of the country’s biggest research institutions to get ahead of deepfakes. Initiatives aimed at curbing the malicious use of deepfake technology are currently in progress, and they span a spectrum of strategies.

    One front in this battle involves the development of anti-deepfake tools and technologies. Recognizing the potential havoc that hyper-realistic synthetic media can wreak, researchers and engineers are tirelessly working on innovative solutions. These tools often leverage advanced machine learning algorithms themselves, seeking to outsmart and identify deepfakes in the ever-evolving landscape of synthetic media. A great example of this is Microsoft offering US politicians and campaign groups an anti-deepfake tool ahead of the 2024 elections. This tool will allow them to authenticate their photos and videos with watermarks.

    Apart from that, industry leaders are also investing significant resources in research and development. The goal is not only to create more robust detection tools but also to explore technologies that can prevent the creation of convincing deepfakes in the first place. Recently, TikTok has banned any deepfakes of nonpublic figures on the app.

    However, it’s essential to recognize that the battle against deepfakes isn’t solely technological. As technology evolves, so do the strategies employed by those with malicious intent. Therefore, to complement the development of sophisticated tools, there is a need for public education and awareness programs.

    Public understanding of the existence and potential dangers of deepfakes is a powerful weapon in this fight. Education empowers individuals to critically evaluate the information they encounter, fostering a society less susceptible to manipulation. Awareness campaigns can highlight the risks associated with deepfakes, encouraging responsible sharing and consumption of media. Such initiatives not only equip individuals with the knowledge to identify potential deepfakes but also create a collective ethos that values media literacy.

    Navigating the deepfake threat landscape in 2024

    As we stand at the crossroads of technological innovation and potential threats, unmasking deepfakes requires a concerted effort. It necessitates the development of advanced detection technologies and a commitment to education and awareness. In the ever-evolving landscape of synthetic media, staying vigilant and proactive is our best defense against the growing threat of deepfakes in 2024 and beyond.

    Asim Rais Siddiqui

  • L2 Blast on multi-sig debate: Security exists on spectrum, nothing is fully secure

    Paradigm-backed network Blast addressed skepticism surrounding its blockchain model following a swift rise to over $300 million in market cap and promises of a token airdrop.

    Blast Bridge, an L2 network on Ethereum, pushed back on security concerns raised by some in the crypto community over the protocol’s smart contract architecture, which safeguards assets using a multi-signature build.

    On Nov. 24 via an X thread, the project said no contract code security is completely airtight and that each smart contract design has its associated vulnerability. Blast pointed to other layer-2 blockchains like Arbitrum and Polygon that use multi-sig wallets to hold funds, adding that this option holds benefits if executed correctly.

    You want to make sure that each signing key of a multi-sig is independently secure. This helps make the multisig antifragile. Each key should be in cold storage, managed by an independent party, and geographically separated.

    Blast L2 via X

    Blast stressed that veteran technical engineers comprise the five signatories for its multi-sig wallet. The project also shared plans to further bolster resilience and mitigate black swan events by initiating an upgrade to the underlying hardware wallet provider leveraged for its contentious multi-sig structure.

    This will ensure that no single hardware wallet type is used 3-of-5 times, maintaining safety even in an unprecedented hardware wallet compromise scenario.

    Blast L2 via X
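
    The two statements quoted above describe one property: no shared factor (wallet type, custodian, location) should control enough keys to meet the signing threshold. The following Python is an added example, not Blast's code or configuration; the signer inventories, vendor, party and region names are constructed placeholders, and only the 3-of-5 threshold comes from the article.

```python
from itertools import combinations

# Dimensions along which keys can share a common failure mode.
DIMS = ("wallet", "custodian", "region")
THRESHOLD = 3  # 3-of-5, as stated in the article


def signer(sid, wallet, custodian, region):
    return {"id": sid, "wallet": wallet, "custodian": custodian, "region": region}


# Constructed inventory: three keys sit on the same hardware wallet type.
BEFORE = [
    signer("k1", "vendor-A", "party-1", "eu"),
    signer("k2", "vendor-A", "party-2", "us"),
    signer("k3", "vendor-A", "party-3", "asia"),
    signer("k4", "vendor-B", "party-4", "us"),
    signer("k5", "vendor-B", "party-5", "eu"),
]

# Constructed inventory after diversifying: at most two keys per wallet type,
# every custodian and region distinct.
AFTER = [
    signer("k1", "vendor-A", "party-1", "eu"),
    signer("k2", "vendor-A", "party-2", "us"),
    signer("k3", "vendor-C", "party-3", "asia"),
    signer("k4", "vendor-B", "party-4", "sa"),
    signer("k5", "vendor-B", "party-5", "af"),
]


def exposure(signers):
    """Map each shared factor (dimension, value) to the key ids that depend on it."""
    out = {}
    for s in signers:
        for dim in DIMS:
            out.setdefault((dim, s[dim]), set()).add(s["id"])
    return out


def single_points_of_failure(signers, threshold=THRESHOLD):
    """Factors whose compromise alone exposes at least `threshold` keys."""
    return sorted(f for f, keys in exposure(signers).items() if len(keys) >= threshold)


def min_factors_to_quorum(signers, threshold=THRESHOLD):
    """Smallest number of factors that must fail together to reach the
    threshold, with one such combination. Brute force is fine at this size."""
    exp = exposure(signers)
    for size in range(1, len(exp) + 1):
        for combo in combinations(sorted(exp), size):
            if len(set().union(*(exp[f] for f in combo))) >= threshold:
                return size, combo
    return None


if __name__ == "__main__":
    for label, inventory in (("before", BEFORE), ("after", AFTER)):
        print(label, single_points_of_failure(inventory), min_factors_to_quorum(inventory))
```

    The second figure is the one to track over time: a value of 1 means a single vendor, custodian or location failure is enough to sign.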

    Blast captured attention as Tieshun Roquerre, aka Pacman, co-founder of NFT marketplace Blur, announced the L2 network after raising $20 million from investors like Paradigm. The deposit-only protocol offers native yield to users, promising an airdrop for early supporters and a mainnet launch in the near future.

    The one-way bridge zoomed to a market cap above $300 million as of press time following massive inflows into Blast’s contract address. Additionally, Blast’s asset portfolio provided by DeBank showed millions held in Lido’s staked Ether (stETH) and Maker’s DAI, a defi stablecoin.

    Naga Avan-Nomayo

  • How to Avoid Online Scams on Black Friday and Cyber Monday | Entrepreneur

    As Thanksgiving approaches, so do Black Friday and Cyber Monday.

    Last year, the National Retail Federation reported nearly 180 million unique shoppers over the five-day period between Thanksgiving Day and Cyber Monday, which exceeded estimates by more than 21 million. According to NRF’s data, 104.9 million of those shoppers visited stores and 127.8 million made their purchases online (some shopped both in-store and online).

    Of course, “Cyber Week” brings in major revenue: The 2021 sales stretch drove nearly $40 billion in online spending, per Adobe.

    But the onslaught of online deals doesn’t just draw eager shoppers — it also gives cybercriminals a prime opportunity to trick people out of their money.

    “Cyber Monday and Black Friday open the door for adversaries to make offers,” AJ Nash, vice president of intelligence at ZeroFox, says. “Maybe if it were a Wednesday in July, you’d go, Man, that seems too good to be true. But come Cyber Monday, you go, Oh, maybe it’s a doorbuster. Maybe somebody really is giving away this amazing thing for almost nothing.”

    Nash spent nearly two decades in the intelligence community, describing himself as a “traditional intel guy,” before he was recruited for a cyber-focused contract, then to the private sector.

    Entrepreneur sat down with Nash to discuss how cyber scams have become more sophisticated over the years and how you can protect yourself from even the craftiest cybercriminals.

    “Technologies have made it easier to do a better job of impersonating.”

    Phishing, the process by which an attacker sends a fraudulent message to get someone to share sensitive information or to introduce malware, is one of the oldest tricks in the cybercrime book.

    But the “spray and pray approach,” where cyber criminals attempt to maximize the volume of their scam to get the biggest returns, has gotten an update over the years, Nash says.

    “Technologies have made it easier to do a better job of impersonating,” he explains. “It costs very little to buy a domain that looks very close to the real one. It’s a misspelling, or they use a lowercase ‘L’ to replace a capital ‘I.’ There’s a lot of different ways to set that up.”

    From bogus websites to texting schemes, cyber scammers are skilled in weaving webs that appear legitimate. A link sent through SMS might lead back to an authentic-looking site, for example.

    “The longer you go down those paths, if adversaries link things together and layer them, the more trust it creates,” Nash says. “If you believed the first thing, then everything else is going to reinforce that as a potential victim.”

    And the schemes themselves also run the gamut, though non-delivery scams, where shoppers are duped into purchasing something that never arrives, and gift card hoaxes, where people are tricked into paying with virtually untraceable gift cards or buying them, remain some of the most common.

    Another rich arena for scammers? Social media.

    “Social media is a huge opportunity,” Nash says, “setting up social media accounts and luring people in, especially if you’re dealing with social media platforms that aren’t doing a particularly good job of regulating what is a valid account versus what isn’t.”

    And if you do fall for a fraudulent post, all it takes is one click for disaster to ensue. Hit that link promising the deal of a lifetime to the first 500 customers, and you risk having your personal information stolen or your device compromised.

    How to avoid online scams on Black Friday and Cyber Monday

    So, how can you stay safe while shopping for some of the best (legitimate) deals of the year?

    First, never forget that if a bargain sounds too good to be true, it probably is, Nash says.

    Once you suspect you might be a target, do your own investigation. For example, if you receive an amazing offer with a link attached, don’t click it.

    Instead, take a good look at that web address, Nash suggests, searching for any alterations to an authentic retailer’s URL — whether it’s one of those misspellings or capitalization swaps. Copying the address into a word document and switching up the font can make it easier to spot discrepancies.
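
    The same inspection can be done mechanically, which helps because a capital "I" and a lowercase "l" are identical in many fonts. The following Python is an added example, not code from the article or from ZeroFox; the allowlist, the `.example` and `.test` domains and the function names are constructed for illustration, and it assumes two-label registrable domains instead of consulting the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the retailers you actually shop at (placeholder names).
TRUSTED = {"gadgetville.example", "bigmart.example"}

# Characters that look alike in many fonts, folded to one representative.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))


def registrable(host):
    """Last two labels of the host. Assumption: no multi-part suffixes such
    as .co.uk; a production check would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold look-alike characters so a swapped 'I'/'l' compares equal."""
    name = name.lower().translate(CONFUSABLE)
    for seq, rep in MULTI:
        name = name.replace(seq, rep)
    return name


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute,
    or swap two adjacent characters (the common typo shapes)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url):
    """Return (verdict, reason) for a link received in a message."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return ("invalid", "no hostname")
    if parts.username:
        return ("suspicious", f"text before '@' is not the host; real host is {host}")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("suspicious", "internationalized hostname; may hide look-alike letters")
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        if skeleton(domain) == skeleton(good):
            return ("suspicious", f"character swap imitating {good}")
        if edit_distance(domain, good) <= 2:
            return ("suspicious", f"near-misspelling of {good}")
        if brand in host:
            return ("suspicious", f"'{brand}' embedded in unrelated domain {domain}")
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed sample links.
    for link in (
        "https://www.gadgetville.example/cart",
        "https://gadgetviIle.example/deal",           # capital I in place of l
        "http://gadgetvile.example/doorbuster",       # dropped letter
        "https://gadgetville.example.deals-login.test/x",
        "https://gadgetville.example@deals-login.test/",
        "https://some-other-store.test/sale",
    ):
        print(link, "->", classify(link))
```

    An "unknown" verdict only means the link imitates nothing on the allowlist; it is not a statement that the site is safe.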

    You should also pay close attention to the message itself. Improper English and grammatical errors are red flags, Nash says.

    Another simple tactic? Type the deal into your browser to see if it comes up anywhere else.

    “If you start Googling it and you’re somehow the only person that seems to know where this thing is, there’s a good chance it doesn’t exist,” Nash explains. “You’re not that special. None of us are.”

    It’s also good practice to avoid giving out sensitive information as much as possible, even when websites seem legitimate. Consider using a separate credit card for online orders; some financial institutions even offer virtual credit cards. Both options can prevent cybercriminals from moving “laterally through the rest of your finances,” Nash says.

    Along the same lines, it’s important to make sure you’re using different usernames and passwords for all of your accounts.

    “If they trick you into the website and you give away your information, [for a] lot of folks, that means you give away everything because you didn’t just give away that one Visa or MasterCard,” Nash says. “It turns out that’s the only password and username used for everything. More than ever, this is the time of year to remember to randomize passwords and use password management and two-factor authentication.”

    If you do make a purchase and have doubts after the fact, it might not be too late to protect yourself. Start by seeing if you received a confirmation email with tracking information — if you didn’t, it’s a bad sign.

    “I had this happen to me, maybe 10 years ago,” Nash says. “I got a laptop — it was a little too good to be true, but not crazy good. And I got a tracking number that didn’t match up; the post office couldn’t figure it out, et cetera. Well, lo and behold, that laptop never made it to my house.”

    But depending on your payment method and the insurance terms associated (which you should check before you shop), you might be able to recoup that money, Nash notes.

    Keep these strategies in mind for a successful and safe Cyber Week this year.

    Amanda Breen

  • The World is Doubling Down on Cybersecurity — Here’s What Business Leaders Should Know | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In recent years, the cybersecurity environment has significantly transformed due to the adoption of more stringent regulations. As hackers become more sophisticated and audacious by the day, governments and regulators worldwide are catalyzing proactive measures to safeguard citizens and businesses alike.

    Following the EU’s revolutionary General Data Protection Regulation (GDPR) legislation back in 2018, we witnessed the US and even NATO forging ahead in the war against cyber criminals. For CEOs, understanding and adapting to this evolving landscape is not just a matter of compliance but a strategic imperative.

    The dynamics of modern cybersecurity regulations

    Regulations have become more intricate and stringent in response to the escalating threat landscape. A prime example is last year’s SEC cybersecurity rules, which mandate public companies to divulge comprehensive information about their cybersecurity risks and the strategies to mitigate them. Moreover, these rules also advocate for the active involvement of CEOs in overseeing cybersecurity policies. This signifies a paradigm shift toward a more proactive and vigilant approach to safeguarding company assets.

    CEOs must also recognize that cybersecurity regulations vary from one country to another. Depending on the physical location of their clientele, businesses might have to adhere to multiple regulations. Take, for instance, the EU’s GDPR. It stands as one of the most rigorous cybersecurity regulations globally, applicable to any entity that handles the personal data of EU citizens. Imagine a business serving the US, Europe, and India: the SEC’s cybersecurity rules, GDPR, the US’s national cybersecurity strategy, India’s Data Privacy Bill, and many more all apply, which requires CEOs to possess an intimate knowledge of the specific regulations applicable to the data they handle.

    Fines are only the tip of the iceberg in terms of the financial consequences of non-compliance. Legal fees, forensic investigations and potential lawsuits can take a heavy toll. Take GDPR as an example. Violations of its stringent data protection regulations can result in fines amounting to 4% of a company’s global revenue or €20 million, whichever is higher. This serves as a stark reminder that non-compliance can have severe financial repercussions, with the potential to cripple even the largest corporations. Additionally, there’s the less tangible but equally significant cost of lost opportunities and market share as customers migrate to competitors they perceive as more secure.

    Beyond the financial repercussions, reputation is another currency no CEO can afford to squander. A cybersecurity breach can inflict immeasurable damage to a company’s standing, eroding trust among stakeholders, customers and partners. CEOs must recognize that compliance is not merely a checkbox exercise but a foundational element of corporate responsibility and trust-building.

    Navigating the regulatory landscape and ensuring compliance

    As a CEO, there are strategic steps you can take to prepare your organization for the labyrinth of cybersecurity regulations. This journey starts by embarking on a comprehensive risk assessment voyage to fathom the intricacies of your organization’s cybersecurity landscape. This entails delineating the scope of data collected and stored, identifying the systems and applications in use, and envisaging potential threats. Armed with this understanding, you can prioritize risks and craft a bespoke plan for mitigation.

    A robust cybersecurity program serves as the linchpin of your organization’s resilience. It should encompass a spectrum of security controls, including Identity and Access Management solutions for access control, Unified Endpoint Management solutions for device management and data encryption, and Endpoint Detection and Response solutions for proactive response. Additionally, establish a regimen for periodic testing and evaluation of cybersecurity compliance to ensure its efficacy.

    Lastly, the IT department and every employee are accountable for the organization’s security. The entire workforce must shoulder the onus of cybersecurity compliance. This requires a top-to-bottom commitment from the C-suite. CEOs are responsible for actively fostering a security culture, providing staff members with the skills and resources they need to recognize and address potential risks and setting the standard for the whole company. This involves regular engagement with the company’s cybersecurity strategy, understanding the risks, and making informed decisions. A well-trained workforce is an invaluable asset in the battle against cyber adversaries. This strengthens the company’s overall security posture and demonstrates a commitment to employee well-being. Concurrently, organizations must also invest in a skilled cybersecurity team to manage their compliance strategy effectively.

    Bottom line

    Compliance should not be viewed as an imposition but rather as a shared objective that aligns with the organization’s broader goals. Incentivizing compliance fosters a sense of collective responsibility and reinforces the importance of cybersecurity across all departments. While they might inadvertently strain business operations, cybersecurity regulations are no longer a choice but a necessity in the digital world.

    As the regulatory landscape tightens its cybersecurity grip, CEOs face challenges and opportunities. Embracing compliance safeguards the organization from regulatory penalties and fortifies its reputation and resilience in the face of evolving threats. By cultivating a culture of security, staying vigilant in the face of shifting regulations, and recognizing the holistic impact of compliance, CEOs can not only meet the demands of the present but also thrive in the age of cyber resilience.

    Apu Pavithran

  • 7 Next-Gen Security Recommendations to Safeguard Your Data | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    The threat landscape is growing, and professional cybercriminals are increasingly becoming more dangerous as their methods develop in complexity and sophistication.

    Although threat actors leverage different techniques, they all have a common goal: to find a single exploitable security weakness and rapidly take advantage of the situation. Developing a tactical response plan is essential; however, the best defense is strengthening security to prevent attacks from occurring in the first place.

    Most of us are familiar with common security recommendations: 2FA, software updates, data encryption, using secure networks, VPNs, proxy servers and more. While these recommendations should always remain part of your security toolkit, others have emerged to help you adapt to the rapidly evolving threat landscape.

    1. Avoid inputting sensitive information into generative AI applications

    Generative AI leverages machine learning and deep learning algorithms to autonomously generate content based on complex data patterns. These systems are trained on datasets containing text from the internet, books, articles and other public sources; however, they can also “learn” from user interactions by collecting data from conversations.

    Recently, enterprise-grade versions of ChatGPT and GitHub Copilot have been introduced, claiming that these models do not use business and conversation data for training purposes. To safeguard sensitive data, at Oxylabs, we actively encourage our employees to use business accounts.

    Nevertheless, it is less clear how popular generative AI tools use customer data if customers interact with free versions. Therefore, users should still exercise caution by avoiding the input of sensitive or confidential company data into generative AI applications if free accounts are being used. Further, data should be completely anonymized and stripped of personally identifiable information to maintain privacy and security.

    2. Go beyond standard security protocols for remote teams with encrypted, containerized workspaces

    Hybrid teams went mainstream in 2020 and are likely here to stay. While working remotely benefits both employers and employees in many ways, the use of mobile teams continues to challenge organizations from a security perspective.

    We’re all familiar with conventional protocols such as using trusted Wi-Fi networks, VPNs, Multi-Factor Authentication (MFA) and data encryption. Due to the increasing use of cloud-based services, companies must also ensure each vendor has robust security practices in place and maintains compliance with the latest security regulations.

    Another emerging recommendation is deploying encrypted, containerized workspaces on company-owned and personal employee devices. The use of such systems ensures data is secured in a container even if device safety is compromised. For example, if malware infects a containerized browser, it won’t be able to spread anywhere beyond it.

    3. Secure supply chains with a risk-mitigation strategy

    Supply chains are growing in size and complexity, requiring a comprehensive risk management strategy that includes compliance with regulations and robust safety protocols.

    Risks include phishing attacks, ransomware, software vulnerabilities, man-in-the-middle attacks and more. It is recommended to implement standard security measures such as firewalls, intrusion detection systems and advanced security monitoring. Further, it’s essential to integrate specialized security standards and practices, such as the Cybersecurity Framework developed by the U.S. National Institute of Standards and Technology (NIST).

    4. Swap traditional encryption methods with quantum-resistant encryption algorithms

    Quantum computers beat traditional computers by leveraging quantum mechanics to solve complex problems faster; however, their use poses a challenge to commonly used encryption methods.

    Encryption typically converts plaintext (unencrypted data) into ciphertext (encrypted data) using a cryptographic algorithm that requires a key to “unlock” the data. Quantum computing potentially weakens or breaks commonly used encryption techniques, such as Grover’s algorithm, Shor’s algorithm and quantum key distribution.

    To address the threat, researchers are exploring post-quantum cryptographic techniques and algorithms designed to withstand attacks from quantum computers. These include code-based cryptography, hash-based cryptography, lattice-based cryptography and more. In the meantime, organizations must maintain a robust security posture and stay informed of quantum-resistant encryption methods as they become available.

    5. Safeguard Cyber-Physical Systems (CPS)

    Cyber-Physical Systems (CPS) communicate with the world around us through a network of computational and physical components. These include electrical power distribution systems or smart grids, smart traffic management systems, autonomous vehicles, remote healthcare monitoring, smart buildings and more.

    The concept has been around for decades; however, the emergence of Internet of Things (IoT) devices, connected appliances and sensor technology has increased CPS prevalence substantially since 2010. Data generation has grown concurrently, attracting cybercriminals in the process.

    Access control, authentication, software updates, monitoring and regulatory compliance are well-known protocols to secure CPS. Emerging recommendations also include:

    • Network segmentation to isolate critical CPS components and less crucial systems to limit access in the event of an attack;

    • Designing CPS systems with redundancy and fail-safe mechanisms to ensure systems keep operating if an attack or system failure takes place;

    • Regular penetration testing or simulated cyber attacks to identify vulnerabilities.

    6. Boost your Identity and Access Management (IAM) strategy with three-factor authentication (3FA) and passkeys

    We’re all familiar with two-factor authentication (2FA), where two steps or “factors” are required to access a system, including a password or PIN and a mobile phone or device that generates a one-time password (OTP).

    3FA takes security up a level by requiring authentication comprised of some type of biometric data, such as a fingerprint, face scan, iris recognition, vein recognition, voice recognition or other piece of highly individual data. However, even 3FA might soon be overthrown by passkeys, a technology already used by Google. Resistant to phishing, passkeys utilize fingerprints, face scans or PINs to unlock a device or program without using passwords.

    7. Protect assets with cyber insurance

    Last but not least is cyber insurance. It’s not the most innovative or exciting recommendation on this list, but insurance has existed for hundreds of years because it adds value to any security strategy.

    Cyber insurance can protect your organization from liabilities associated with sensitive data breaches, such as credit/debit card details, health records and social security information. While it may be cost-intensive in some cases, it does have the potential to save your organization millions of dollars in the event of a security breach.

    Cybercriminals continuously enhance their techniques. That’s why it’s imperative to stay a step ahead with a robust data security strategy that fuses next-generation practices that go beyond familiar safety protocols. Integrating these recommendations protects your organization’s digital assets on the ever-evolving threat landscape to ensure long-term business viability and success.

    Julius Černiauskas

  • Data Breaches Cost $1 Million More When Remote Work Is Involved — Here Are 4 Steps to Protect Your Business. | Entrepreneur

    Remote work is a double-edged sword: It provides your employees with the comforts of staying at home, but it also creates additional security risks as they are more likely to use unprotected devices and connect to unsecured public networks.

    At least 20% of businesses went through a data breach caused by remote workers. As reported by IBM, the average data breach cost is $1 million higher in companies where remote work is common. It also takes 58 days longer for such organizations to discover and contain data breaches.

    Step 1: Categorize your company’s data

    Your business holds vast data, from client credit card details to employee IDs. For effective security, categorize your information. We classify ours into three: critical, restricted and confidential data.

    Critical data is what, if leaked, would seriously damage the company’s reputation, making a return to normal operations almost impossible. It includes user credentials, card security codes, client order history and customer behavior data. I would also add source code for software companies.

    Restricted data, if leaked, could seriously threaten our business. It would undermine the company’s reputation, but it’d be possible to continue operating in a limited way. Such data contains emails, locations, device info, app usage insights and many other kinds of data from our customers.

    The last category, confidential data, includes the organization’s trade secrets. Such leaks would harm the company’s operations but would have a smaller impact on its reputation. It comprises the team members’ data, company policies and procedures, recruitment process details, source code, financial statements and more.

    Step 2: Calculate the cost of a breach and create policies

    We all hate bureaucracy — I know that. Yet for a business to work, its members must follow certain rules (i.e. policies). To create a good cybersecurity policy for remote workers, you need accurate data. I recommend calculating the cost of potential data breaches using real money.

    Be sure to take into account all types of losses. A company’s data breach results in direct expenses like investigation and compensation, indirect costs from recovery efforts and lost revenue and opportunity costs due to reputational damage and lost potential business.

    After calculating the costs of a data breach, design policies. Standard procedures usually include policies on how you label and share data, what security controls you must have and what training your workers must attend.

    Step 3: Reduce the risks of remote work

    First, ensure the security of your computers. Make it so your remote workers access corporate resources from corporate devices only. Have your helpdesk specialists configure all devices according to your information security standards. They’ll need special administration tools for the task like JAMF.

    Second, monitor the state of your corporate devices. Handle the installation of patches, security updates and the latest versions of OS and software. Use special monitoring tools like JAMF and encourage employees to keep their workstations up-to-date. Last, install an Endpoint Detection and Response (EDR) or Antivirus (AV) agent to track malicious activities on your corporate computers. An example of such a system would be CrowdStrike.

    Third, control the access to corporate resources. Remote workers should only have access to resources necessary for their work. Make it so they can interact with them only with the corporate VPN turned on. I recommend also enabling IPS or IDS on the VPN to look out for network anomalies.

    Don’t forget about multi-factor authentication. It’ll add one more layer of security to your company’s data and decrease the chance of unauthorized access, and you can use ready-made MFA solutions.

    Step 4: Encourage your remote workers to be responsible

    Truth bomb: The actions above aren’t enough to protect your business from security risks. About 60% of attacks succeed because average employees make mistakes. It’s your duty to help your employees understand the importance of cybersecurity.

    First, encourage them to use special apps that track whether their device is safe. They can be in the form of a security checklist, which dynamically checks various system indexes and is easy to understand.

    Second, motivate workers to keep the corporate VPN turned on. You can also make their lives a lot easier by making the VPN connect automatically when the system starts up. If you don’t have a business VPN, use a regular one from a trusted provider.

    Last, don’t forget about training. Encourage your workers to learn, but make it exciting. Monotonous video lectures won’t do — add gamification and interactivity. Your company’s security rests with your team; build a strong human firewall by instilling best practices and fostering vigilant behaviors.

    Bonus step: What to do with your freelancers

    The problem with freelancers is that you can neither make them work on your corporate laptops nor install special security software on their devices. You can, however, manage their access to your company’s resources.

    Limit their access to essential company resources, using the least privilege principle. If feasible, avoid access altogether and establish secure data-sharing protocols. Always clarify collaboration terms in contracts and NDAs detailing data access and usage. Emphasize that violations may lead to legal consequences.

    Safeguarding your company in a remote work era is entirely achievable. Begin by discerning the types of data you possess and understanding the potential costs of breaches, tailoring security measures in response. Prioritize the integrity of your corporate devices and manage access to resources. Talk to your remote workers and implement the use of robust security tools like VPNs.

    Mykola Srebniuk

  • 5 Things Successful Businesses Do to Fight Cybercrime | Entrepreneur

    In this digital age, cyberattacks aim to exploit a business’s every vulnerability — namely its people, devices, and systems. With attacks potentially coming from every direction, what is a business leader supposed to do? Where do you start?

    If you’re ready to stop worrying and start preparing, then you won’t want to miss this free webinar, 5 Things Successful Businesses Do to Fight Cybercrime, sponsored by Comcast Business and presented by Entrepreneur.

    Join us for an illuminating conversation during which we’ll break down the essential strategies to help safeguard your business against cybercrime. With our panel of cybersecurity experts, we’ll deliver actionable insights that can help you understand the risks of cyberattacks and develop a cybersecurity strategy.

    The conversation will be led by business consultant and moderator Terry Rice. He will be joined by Shena Seneca Tharnish, VP of Secure Networking & Cybersecurity Solutions at Comcast Business, and Mani Sundaram, EVP and GM of Akamai’s Security Technology Group.

    Attendees of this webinar will gain a deeper understanding of the following takeaways:

    • Awareness of different types of threats: Gain an understanding of the cyber threats that are out there, from ransomware to phishing scams. Be in the know to stay a step ahead.
    • Educating leaders and employees: Learn how to foster a culture of cybersecurity awareness within your organization. Get your team equipped and aligned to fight off cyber threats.
    • Have a plan in place: Get a framework for developing a cybersecurity plan that covers proactive and reactive measures. A plan isn’t a luxury; it’s a necessity.
    • Invest in the right technology: Discover the types of cybersecurity technology that new and growing businesses should consider. Think of technology as an investment in an effort to protect your business assets.
    • Make cybersecurity part of your business planning: Understand how to integrate cybersecurity measures into your business model and planning phases. Make security a routine aspect, not an afterthought.

    The 5 Things Successful Businesses Do to Fight Cybercrime webinar will take place live on Wednesday, October 25 at 12 p.m. ET | 9 a.m. PT.

    Webinar subject to change or cancellation.

    Entrepreneur Events

  • A Cybersecurity Expert Reveals Why You’re a Cybercriminal’s Next Target — and 5 Things You Can Do to Beef Up Your Defense. | Entrepreneur

    If your company was hit by ransomware today, who would you call? Or perhaps a better question: How would you call them? It sounds absurd, but as a cybersecurity expert, I’ve seen organizations paralyzed in the first hours after an incident simply because nobody knows anyone’s cell number anymore. Without access to email or messaging systems, communication grinds to a halt and workers, customers and suppliers are all left wondering what is going on. Panic rapidly escalates into a crisis.

    There’s a tendency to think about cybersecurity as being the responsibility of the IT or security department. But protecting your company comes down to two things: organizational culture and planning. That’s why some of the most important people on cyber defense aren’t in the IT team — they’re in human resources.

    The HR team is uniquely placed to embed cybersecurity preparedness into the everyday working of an organization. It’s responsible for building the policies and processes to mitigate risks and ensure the business has the competencies to be resilient to foreseeable challenges — and those include cyberattacks. And as the custodians of employees’ sensitive personal information, HR teams are themselves prime targets for hackers.

    Unfortunately, this vital role is often overlooked. So here are five ways HR can help make your business a tough target for cybercriminals.

    Build a cybersecurity culture

    Eternal vigilance is the price of our liberty to roam the internet. The number of threats is mind-blowing — a recent report found the average education institution faces more than 2,300 attempts to breach its systems in a week, while healthcare organizations fend off more than 1,600 attacks. With so many digital grenades being lobbed, it’s incredibly hard to catch them all. However, a strong cybersecurity culture helps an organization defend against attacks and limits the blast radius when one does get through. The tough part: Everyone has to be on the same page when it comes to online behaviors.

    Step one is to ensure you have the training tools so that employees know what they should and should not be doing. Most organizations are reasonably good at this. However, many fall short by not putting that information into practice every day.

    The best way to ensure that everyone considers cybersecurity a fundamental part of their responsibilities is to build it into performance reviews. This should not take the form of calling out workers for every dodgy link they click on. Instead, it should be a constructive conversation about how they’re keeping up with their cyber literacy training. There are cyber health-check tools that workers can use to analyze their online behavior and address weaknesses (like reusing Pa$$w0rd across half the internet or not using two-factor authentication) and often these can be used to track progress toward cybersecurity goals at an organizational level.

    When safety precautions are regularly discussed, they just become part of how you do business.

    Protect your crown jewels

    HR has custody of some of the most sensitive information in an organization — and hackers know this. In the past five years or so, many companies have adopted platforms that enable employees to self-serve routine tasks like vacation requests. However, third-party platforms come with risks. Hackers target them in so-called supply chain attacks, knowing that if they get lucky, they can access troves of information from multiple companies. In 2021, more than 300 organizations were breached in a hack of a widely used file transfer system. One of these was the University of California, which said the information exposed included employees’ social security numbers, driver’s licenses and passport details (the UC system offered its staff free ID monitoring services).

    Job one for HR professionals is to ensure employee data remains confidential. Perform extensive due diligence before your organization signs up for any third-party HR service. Only consider companies that comply with international standards (SOC 2 and ISO 27001 are the main ones to look out for) and check online for reports of security incidents at the site in the past few years. Also, look into where your data is being stored and how it is being backed up. Depending on your location and industry, you may have to comply with data residency laws.

    Stop hoarding data

    Updating the data retention policy should be on the to-do list of every HR department. I say updating because every company has a data retention policy whether they know it or not. If yours isn’t written down, then your policy is simply to keep everything forever. And that exposes you to considerable risk. The more data you have, the worse a breach can be — it’s especially bad if you’re hoarding data you no longer need. Many jurisdictions have limits on how long companies should retain sensitive information — it’s often around seven years for records on former employees.

    Figure out who will call the shots when a breach happens

    Cybersecurity may be everyone’s day-to-day responsibility, but when an attack gets through there should be one person in charge of the response. In cybersecurity lingo, we call this the incident commander. While everyone can have an opinion on the best course of action, decision-making power rests with them.

    The job spec for incident commander only has one line: It’s whoever best understands cybersecurity issues in your organization. Depending on the size of your business, that might be a cybersecurity leader, the head of IT or it could be Joanne in accounting who took a few courses on this stuff. Whoever it is, make sure you’ve identified them before an incident happens and have clearly communicated that to your team. Once a cybersecurity incident happens, events move quickly — in one case I was involved in, the hackers gave a 45-minute warning before starting to post sensitive information — so you don’t want to waste time figuring out who’s in charge.

    Run some drills

    Planning is only one half of the equation. Practice is the other. Plenty of research has shown that people don’t think clearly in stressful situations. We perform drills for fires and earthquakes to give us a framework to fall back on in an emergency. The same idea works for cybersecurity incidents. Set aside two hours once a year to run a tabletop exercise with key staff that simulates what you’ll do if the company is hacked. In these exercises, someone takes the role of a moderator to explain the nature of the attack and what’s been affected, while everyone else plays out how they’d respond.

    The first time you conduct the exercise, it’ll likely be a mess — but that’s the point. The scramble to figure things out will reveal the gaps in your plans. Over time, the drills will become second nature.

    And write contact information down — on paper

    Put the incident team’s phone numbers down on paper and update the list regularly. Yes, it’s old school. Yes, it’s annoying. And yes, one day you’ll be thankful you did.

    Claudette McGowan

  • Don’t Overlook This Critical Element in Your Cybersecurity Strategy | Entrepreneur

    The SaaS model has revolutionized the way businesses operate and engage with software. By allowing businesses to access software applications over the internet on a pay-as-you-go basis, it eliminates the need for complex physical infrastructure and extensive maintenance. Additionally, it offers startups the agility to scale swiftly and leverage a recurring revenue model.

    However, this increasing reliance on cloud-based services implies an expanded attack surface, the points where potential cybersecurity threats can penetrate the system. In the SaaS realm, providers are custodians of their customers’ data. Therefore, data breaches could significantly tarnish their reputation, lead to financial losses and even invite legal liabilities.

    Attack surface management: Unveiling the concept

    In cybersecurity parlance, the attack surface refers to all the potential points where unauthorized users might infiltrate the systems or data. These points could be hardware, software, networks or even users. As SaaS startups grow, so does their attack surface, making it a complex task to secure their landscape.

    ASM involves the continuous practice of mapping, monitoring and managing this surface to neutralize potential security threats. This encompasses identifying vulnerabilities, reducing unnecessary access privileges and conducting perpetual surveillance for new potential risks.

    Why SaaS startups must implement an ASM strategy

    For SaaS startups, implementing a robust ASM strategy is critical. Here are the reasons, along with some technical considerations:

    Reducing vulnerabilities:

    By accurately identifying their attack surface, startups can discover system vulnerabilities before cyber criminals exploit them. These vulnerabilities can be:

    • Software vulnerabilities: Bugs or errors in the code, outdated software and unpatched systems can serve as a gateway for attackers.

    • Network vulnerabilities: Weak or poorly configured network security measures can provide opportunities for attacks.

    • Human vulnerabilities: Employees can unwittingly create security holes by falling for phishing scams, using weak passwords or failing to follow best practices.

    ASM helps startups proactively address these vulnerabilities, using tools such as vulnerability scanners and automated patch management systems.

    Regulatory compliance:

    As data privacy and security draw global attention, industries are burdened with rigorous regulatory obligations. Non-compliance can lead to severe penalties and legal ramifications. ASM helps startups meet regulations such as GDPR, CCPA and HIPAA by ensuring they have a clear understanding of their data flows, access controls and security vulnerabilities.

    Protecting brand reputation:

    In the era of digital commerce, customers’ trust in a brand is often tied to their confidence in its ability to secure their data. A single data breach can severely damage a startup’s reputation, making it difficult to retain customers and attract new ones. ASM plays a crucial role in building and maintaining this trust by demonstrating a proactive approach to security.

    Avoiding financial loss:

    Cybersecurity breaches often result in significant financial losses, from system downtime and loss of business to legal fees and regulatory penalties. Startups, particularly in the early stages, might not have the financial resilience to withstand such losses. Implementing an effective ASM strategy can help prevent these damaging events.

    Fostering customer confidence:

    A strong security posture isn’t just about avoiding negative outcomes; it can also serve as a key differentiator in a competitive market. When startups can clearly communicate their commitment to data protection and demonstrate robust ASM practices, they build trust and confidence among their customer base, leading to improved retention and acquisition.

    The how-to of implementing effective ASM

    Given its criticality, how can SaaS startups implement effective ASM? Here are a few strategies, each with its technical facets:

    Comprehensive visibility:

    Comprehensive visibility is fundamental to effective ASM. SaaS startups need to maintain a clear and detailed understanding of their digital ecosystem. This entails the identification and documentation of every piece of hardware, every software application, all network components and data.

    Asset discovery:

    The first step is to perform asset discovery, which can be a daunting task given the vast and interconnected digital assets in a SaaS setup. An asset discovery tool is typically used to automate this process. These tools scan IP addresses across the network, identifying and cataloging every device and system in their path.

    Asset discovery tools not only detect assets but also gather metadata about them, including the operating system, installed software, open ports and more. This data is invaluable when it comes to managing and reducing the attack surface.

    Cloud assets and shadow IT:

    For SaaS startups, it’s important to extend visibility to cloud assets. Traditional asset discovery tools may not cover cloud-based assets like virtual machines, databases or containers. Using cloud-native tools or third-party solutions that can discover and monitor cloud assets is essential.

    Startups should also watch out for shadow IT, which refers to software, devices or services used without explicit IT department approval. These can significantly expand the attack surface, often without the knowledge of IT or security teams. Solutions for shadow IT discovery and control are available and should be a part of the visibility strategy.

    Regular assessments:

    Regular vulnerability assessments can preempt potential threats before they materialize. Startups can use automated vulnerability scanning tools, which will systematically check their systems for known vulnerabilities, and penetration testing, a more aggressive approach that simulates the tactics of real-world attackers. With the digital landscape in constant flux, regular assessments form a critical part of ASM. These assessments should focus on identifying vulnerabilities that could potentially be exploited by attackers.

    Vulnerability scanning:

    Vulnerability scanning is an automated process that checks systems for known vulnerabilities. These tools utilize databases like Common Vulnerabilities and Exposures (CVE) to identify software weaknesses. For comprehensive protection, startups should ensure their vulnerability scanning tools cover their entire environment — including cloud and mobile assets.

    Automation:

    With the complexity of modern digital environments, automation is vital for effective ASM. Automated scanning should be supplemented with manual code reviews, especially for the startup’s proprietary software. Manual reviews can often catch logical errors or other issues that automated tools might miss.

    Penetration testing:

    Penetration testing takes vulnerability assessment a step further. Rather than just identifying potential vulnerabilities, it actively attempts to exploit them to evaluate the system’s defense capability. This form of testing mimics real-world attacks and can help startups understand how an attacker could potentially breach their defenses. While regular penetration tests are essential, they should be performed by certified ethical hackers or reputable third-party security firms to ensure the process doesn’t inadvertently cause harm.

    In a nutshell, with escalating cyber threats, attack surface management has become a critical element of the cybersecurity strategy for SaaS startups. By proactively identifying, managing and minimizing their attack surface, startups can safeguard their customers, reputation and bottom line while fostering a resilient cybersecurity culture. This proactive approach will stand them in good stead as they navigate the dynamic and often challenging landscape of the SaaS industry.

    Jim Koohyar Biniyaz

  • Why Businesses Should Go Passwordless as Soon as Possible | Entrepreneur

    In the privacy-driven business environment, passwords are gradually becoming obsolete. Did you know that the first digital password debuted in the 1960s? Until then, passwords had remained the same over time, despite several improvements to digital identification and verification.

    Certainly, passwords are a holdover from the era before cyber crime and password-based attacks became a serious and pervasive issue. With the proliferation of technology and user accounts, major challenges have emerged due to passwords, including the need for users to remember numerous passwords, support expenses and — most importantly — the security concerns posed by stolen credentials. As a result, the reason for eliminating passwords from the authentication process becomes more compelling every day. This is where passwordless authentication comes to the rescue.

    Related: Here’s Why It’s Time to Move Away From Passwords

    What is passwordless authentication?

    Passwordless authentication eliminates the need for a password by allowing users’ identities to be verified by their biometrics or other possessions, thereby minimizing security vulnerabilities. Backing this statement, Microsoft claims that combining biometrics and possession authentication reduces account security risks by 99.9%.

    Considering the vulnerabilities of password-based authentications, businesses must take the necessary actions to implement passwordless authentication as soon as possible to secure their users’ data and identities. In light of that, I’ll explain why this is the ideal time for businesses to use passwordless authentication.

    Witnessing current technological advancements, it is evident that authentication techniques have also advanced significantly since former times, providing us with safer and more beneficial alternatives for authentication. Why do we still secure our data using old and ineffective techniques like password-based authentication?

    However, fortunately, businesses are now quickly evolving to replace passwords since technology and its users continue to grow along with the demand for branding, visibility and application efficiency, thereby leading to enhanced data privacy and security.

    Considering the potential dangers and inconveniences involved with using passwords, many businesses are now moving away from passwords and switching to more secure authentication methods like passwordless authentication. Furthermore, given the surge in cyber attacks and credential theft, abandoning passwords is highly advantageous, and when done correctly, it increases security and convenience.

    Related: Here’s Why Passwordless Authentication Is Better for the Business Environment

    Why businesses should consider going passwordless right now

    When businesses adopt passwordless, they must first identify the drawbacks of using passwords and understand the benefits of a passwordless future. In that context, it is essential to consider security, authenticity and applicability. The critical justifications for businesses to take the passwordless route are outlined in the list below.

    Get rid of exhausting password management:

    For users, it’s easy to mistype or forget passwords for their accounts. They eventually develop weak passwords like p@ssw0rd or Password*12345 to make them easier to remember. Moreover, many users tend to write them down on sticky notes or save them in a computer document, compromising critical information security.

    However, there are no passwords to remember with passwordless authentication since it only involves authentication factors like email or SMS OTP, magic links and biometrics. Also, businesses can save users’ time by eliminating the need to hunt for the right passwords or go through frequent password resets, thereby making the user experience seamless.

    Reduce the cost of IT support:

    According to Forrester research, businesses spend up to $1 million annually on equipment and personnel to handle password resets. Fortunately, password-related expenditures, including password storage and administration costs, can be drastically reduced with passwordless authentication.

    Decrease the likelihood of password-based attacks:

    Businesses are becoming increasingly susceptible to password-based attacks, but only a few are equipped to defend against them. Passwords are highly vulnerable to cyber attacks, which can be deceptively subtle and take various forms. However, by using passwordless authentication, this risk is minimized. Going passwordless necessitates an initial infrastructure investment, but it can eventually lower the cost of password management.

    Users’ information is safer when passwords are eliminated:

    Years of experience have made it easy for cyber criminals to guess, steal or acquire passwords. For instance, Microsoft reported that 44 million accounts were at risk of account takeover due to stolen or compromised passwords.

    Also, a Google poll revealed that 65% of users repeat passwords across numerous accounts or websites. Given these statistics, it is probable that passwords have already caused threats and will continue to do so to the detriment of businesses and their users. Businesses cannot fully influence users’ behavior, but by going passwordless, they may decrease the likelihood of a cyber attack.

    Passwordless authentication increases conversion rates:

    Businesses that make login processes more seamless for users get higher conversion rates. When logging in with passwords, users often give up halfway through the procedure since they find it too difficult or time-consuming to complete. For instance, VTEX, a cloud-based ecommerce platform, claims that getting rid of password-based logins to reduce login friction can increase conversions by up to 54%.

    Related: Passwords Are Scarily Insecure. Here Are a Few Safer Alternatives.

    The aforementioned reasons are some critical aspects that should drive businesses to adopt passwordless as soon as possible.

    Since the risks associated with passwords continue to rise, businesses must swiftly move on from passwords in favor of efficient passwordless multi-factor authentication systems. Businesses that implement it correctly will increase security while enhancing user comfort for authentication. The decision to start a passwordless journey depends on your business model and needs.

    Going passwordless is more likely to be an evolutionary rather than a revolutionary process. Even though it won’t happen overnight, businesses can gradually transition to a passwordless future by carefully planning their strategy and roadmap toward the end vision. And businesses aware of all the considerations and standards will be in a good position to design a passwordless journey to prevent identity threats, provide excellent digital experiences and increase brand exposure.

    Deepak Gupta

  • Been Hacked? These are Your Next Steps | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    Data is the most valuable asset in today’s interconnected world, where ones and zeroes reign supreme. However, securing every last byte of the predicted 181 zettabytes of data that will be consumed by 2025 is a dystopia in and of itself. So, as a business leader, it’s not a matter of if but when your organization will face a cyber incident.

    Immediate financial losses aren’t the worst part of a data breach. In fact, the lasting effects are the more troublesome ones. Long-term implications of a data breach spread across a company and impact its reputation, customers, workforce, databases and even its network architecture.

    How you react following an attack has an enormous influence on the effectiveness of your recuperation efforts and the long-term viability of your organization. In this article, we will explore the essential steps business leaders should take and the pitfalls to avoid in the challenging journey after a hack.

    Related: How to Protect Your Customers (and Your Brand) From Data Breaches

    Essential steps in the wake of a data breach

    Much like death and taxes, cyberattacks are now a part of everyday life. By following a prepared strategy, the actions you take can maintain data security, significantly reduce risk and help mitigate some of the fallout.

    The first hours and days following a cyberattack are crucial. Unfortunately, in many cases, weeks and months can pass before companies realize they are breached. The sooner you respond, the better your chances of minimizing its impact on your organization. Quickly finding breached endpoints and servers and rapidly segregating them should be prioritized. This strategy prevents lateral movement within the corporate network and hinders dangerous code from infecting further systems.

    Successful containment brings us to the next phase — assessing the scope of the hack. A major part of efficient recovery depends on knowing how large the breach is. Conduct a thorough investigation to determine what data has been compromised and how it could affect your company’s operations. Before restarting operations, do a comprehensive analysis, uncover any vulnerabilities, fix them and ensure all affected systems are secure. Depending on the scope and resources of your in-house IT team, you can either employ vulnerability management tools or engage the expertise of a seasoned cybersecurity firm.

    Related: Cybercrime Will Cost The World $8 Trillion This Year — Your Money is in Danger. Here’s Why Prioritizing Cybersecurity is Crucial to Mitigate Risk

    Perform a thorough evaluation of your current security protocols, policies and technologies when there is even a slight indication of a breach. Identify any vulnerabilities or loopholes that were exploited during the assault and put strong measures in place to stop similar attacks in the future.

    The primary actions to consider here include implementing a Secure Access Service Edge solution (SASE), an Identity Access Management solution (IAM), Endpoint Threat Detection and Response (EDR), cloud security solutions and a combination of Unified Endpoint Management (UEMs) and endpoint security solutions. Regardless of the blend of tools and solutions you choose, the end goal should always be to promote a culture of zero trust in the digital landscape.

    Employees tend to be the most vulnerable branch of a company’s security architecture. Cybercriminals exploit these human vulnerabilities through social engineering and phishing attacks. Reports show that 74% of all attacks last year were instigated due to human error. So, routinely instruct your employees on cybersecurity best practices, highlighting the need to use strong passwords, spot phishing scams and adhere to safe protocols. When executed successfully, employee education is a strong deterrent against future assaults.

    Like a seasoned gladiator ready for battle, merely arming yourself for the hack is insufficient; you must also be prepared to defend yourself from attacks. Frequently put your crisis response plans to the test and refine them via simulated exercises. Through such drills, you can identify any shortcomings or deficits in your response capabilities and fine-tune the process. A well-trained team can react swiftly and efficiently to reduce the damage brought on by a breach.

    Critical mistakes to avoid post-hack

    Recovering from a hack is a strenuous and exhausting endeavor, and there are certain obstacles or pitfalls to avoid that could turn a fiery blaze into a roaring inferno.

    The most important thing is that there is no room for denial. Hiding a breach under the rug or downplaying its severity only worsens the situation and builds distrust among stakeholders. Transparency is crucial after a cyberattack. Inform your staff, clients, business partners and the proper authorities as soon as possible about the incident and its severity. It’s also important to control your reputation and communicate effectively. Ignoring public relations can have a long-lasting negative effect on your brand and customer loyalty.

    Another mistake is overlooking the importance of cybersecurity insurance. Cyber insurance is a critical part of any company’s risk management strategy. Even companies with robust security systems are susceptible to hacking, and cyber insurance may help shield them from the resulting financial fallout. The global average cost of a single data breach was $4.25 million last year. By comparison, the cost of a comprehensive insurance policy is only a fraction of that amount.

    Related: The Top 3 Mistakes Businesses Make After a Hack

    Bottom line

    A cyberattack is likely to happen to any organization that functions digitally, but how an organization responds to such an incident matters. Successfully navigating the path to recovery helps organizations emerge stronger, more resilient and better prepared to turn victimhood into vigilance. Life following a hack presents an opportunity to grow and fortify your organization against new threats looming over the horizon.

    Apu Pavithran

  • How Cyber Criminals Are Weaponizing Generative AI | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    The rapid evolution of artificial intelligence (AI) has brought about significant advancements in various sectors. However, the same technology that now powers our daily lives can also be weaponized by cybercriminals. In fact, we already know AI is being used by hackers. A recent spike in social engineering attacks leveraging generative AI technology has raised alarm bells in the cybersecurity community.

    Generative AI, exemplified by tools like OpenAI’s ChatGPT, uses machine learning to generate human-like text, video, audio and images. While these tools have numerous beneficial applications, they are also being exploited by malicious actors to carry out sophisticated social engineering attacks. The advanced linguistic capabilities and accessibility of generative AI tools create a breeding ground for cybercriminals, enabling them to craft convincing scams that are increasingly difficult to detect.

    Moreover, generative AI can automate the personalization of social engineering attacks on a mass scale. This development is particularly concerning as it erodes one of our most potent defenses against such threats — authenticity. In the face of phishing and similar attacks, our ability to discern genuine communications from fraudulent ones is often our last line of defense. However, as AI becomes more adept at mimicking human communication, our “BS radar” becomes less effective, leaving us more vulnerable to these attacks.

    Related: Safeguarding Your Corporate Environment from Social Engineering

    How cyber criminals are weaponizing generative AI

    A recently published research analysis by Darktrace revealed a 135% increase in social engineering attacks using generative AI. Cyber criminals are using these tools to hack passwords, leak confidential information and scam users across a number of platforms. This new generation of scams has led to a surge in concern among employees, with 82% expressing fears about falling prey to these deceptions.

    The threat of AI, in this context, is that it substantially lowers or even eliminates the barrier of entry to fraud and social engineering schemes. Non-native or poorly skilled native speakers benefit from generative AI, which allows them to have error-free text conversations in any language. This makes phishing schemes much harder to detect and defend against.

    Generative AI can also help attackers bypass detection tools. It enables the prolific production of what could be seen as “creative” variation. A cyber attacker can use it to create thousands of different texts, all unique, bypassing spam filters that tend to search for repeated messages.

    In addition to written communication, other AI engines can produce authoritative-sounding spoken words that can imitate specific people. This means that the voice on the phone that seems like your boss may well be an AI-based voice-mimicking tool. Organizations should be ready for more complex social engineering attacks that are multi-faceted and creative, such as an email followed by a call imitating the sender’s voice, all with consistent and professional-sounding content.

    The rise of generative AI means that bad actors with limited English skills can quickly create convincing messages that seem more authentic. Previously, an email riddled with grammatical errors, claiming to be from your insurance agency, was promptly recognized as a fraud and immediately disregarded. However, the advancement of generative AI has significantly eliminated such apparent indicators, making it harder for users to differentiate between authentic communications and fraudulent scams.

    Indeed, tools like ChatGPT have built-in limitations designed to prevent malicious use. For instance, OpenAI has implemented safeguards to prevent the generation of inappropriate or harmful content. However, as recent incidents have shown, these safeguards are not foolproof. A notable example is the case where users were able to trick ChatGPT into providing Windows activation keys by asking it to tell a bedtime story that included them. This incident underscores the fact that while AI developers are making efforts to limit harmful usage, malicious actors are constantly finding ways to circumvent these restrictions, proving that safeguards on AI tools are not a defense mechanism we can count on.

    Related: This Type of Cyber Attack Preys on Your Weakness. Here’s How to Avoid Being a Victim.

    How to protect yourself and your organization from AI-driven social engineering attacks

    The defense against these threats is multi-faceted. Organizations need to make use of real-time fraud protection capable of detecting more than the usual red flags that scream fraud. Some experts suggest fighting fire with fire and using advanced learning methods to determine suspicious attempts and potentially discover AI-generated phishing texts.

    To defend against AI-driven social engineering attacks and ensure robust personal security, we must adopt a multi-faceted approach. This includes using strong and unique passwords, enabling two-factor authentication, being wary of unsolicited communications, keeping software and systems updated and educating oneself about the latest cybersecurity threats and trends.

    While the emergence of free, simple, accessible AI benefits cyber attackers enormously, the solution is better tools and better education — better cybersecurity all around. The sector must initiate strategies that pit machine against machine, rather than human versus machine. To achieve this, we need to contemplate sophisticated detection systems capable of identifying threats generated by AI, thereby decreasing the duration for identification and resolution of social engineering attacks emanating from generative AI.

    In conclusion, the rapid advancements in generative AI technology present both opportunities and risks. Moving forward, the increasing risk of social manipulation through AI-enriched tactics necessitates heightened awareness and precaution from both individuals and entities. They must utilize comprehensive cybersecurity strategies to outmaneuver potential adversaries. We are already living in an era where generative AI is leveraged in cyber criminal activities, hence it’s essential to stay alert, ready to counteract these threats using all available resources.

    Related: 5 Ways to Protect Your Company From Cybercrime

    Yehuda Leibler

  • The Importance of Cyber Resilience for Small and Medium Businesses | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In the dynamic digital realm of the 21st century, one term has risen to prominence among businesses of all sizes and sectors: cyber resilience. This concept encapsulates an organization’s ability to resist, respond to and recover from cyber threats while ensuring the continuity of operations. Although applicable to all businesses, the role of cyber resilience becomes particularly crucial for small and medium-sized enterprises (SMEs).

    As these businesses venture deeper into the digital world to meet their operational, marketing and customer service needs, they inevitably expose themselves to a multitude of cyber risks.

    Related: Combating Cyber Crime: Your Company Needs To Be Resilient

    Understanding cyber risks for small and medium businesses

    Contrary to the common assumption that cyber criminals primarily target large corporations, recent studies suggest that nearly 60% of all cyber attacks are directed at SMEs. Unfortunately, these businesses often lack the robust defenses of their larger counterparts, making them attractive targets for malicious actors seeking easy prey.

    The fallout from such cyber attacks can be severe, even catastrophic. These may include immediate financial losses, prolonged downtime, regulatory penalties, loss of customer trust and long-lasting reputational damage, all of which can potentially lead to the failure of a business.

    Elements of cyber resilience

    While the terminology may seem complex, cyber resilience is essentially about assembling the right pieces into a cohesive whole. It is the integration of strategies and measures into an overarching framework that collectively acts as a bulwark against cyber threats.

    1. Cybersecurity strategy definition

    Every journey begins with a roadmap, and in the realm of cybersecurity, this roadmap is the cybersecurity strategy. A well-defined cybersecurity strategy provides a holistic view of an organization’s security posture, addressing its unique threat landscape, identifying critical digital assets and outlining protective measures. Crucially, an effective cybersecurity strategy must be comprehensive, flexible and adaptable, considering the constantly evolving nature of cyber threats.

    2. Cyber risk assessment

    A vital part of any cybersecurity strategy is an in-depth and regular cyber risk assessment. This proactive exercise allows an organization to identify potential threats and vulnerabilities within its digital ecosystem and to evaluate the potential impacts of various cyber incidents. Regular risk assessments are fundamental for maintaining an updated understanding of an ever-changing risk landscape and formulating appropriate responses.

    3. Proactive cybersecurity

    Here, proactive security measures take center stage, preemptively fortifying the cyber defenses and transforming potential vulnerabilities into strengths. Each action taken, from regular system patches and updates to employee training and regular security testing, is akin to a proactive chess move, strategically positioning the business several steps ahead of potential cyber adversaries. It’s a narrative not of reactive firefighting but of anticipating, preparing and mitigating, thereby underscoring the importance of proactive measures in the grand story of cyber resilience. Prevention is invariably better than cure, and in the cybersecurity context, this translates into proactive security measures such as:

    • Attack surface management: This component is about reducing opportunities for cyber criminals to exploit. Businesses can manage their attack surface by limiting system exposure to the internet, implementing secure configurations and regularly updating and patching systems.

    • Cybersecurity testing: This procedure evaluates the effectiveness of the security measures in place. It involves various exercises such as security audits, red teaming (simulated attacks by an internal team) and blue teaming (defensive measures and responses).

    • Vulnerability management: This activity involves the systematic identification, classification, prioritization and resolution of the vulnerabilities within a system.

    • Penetration testing: This is a practical exercise where cybersecurity professionals launch simulated attacks on the business’s own systems to identify unaddressed vulnerabilities and fix them before real cyber criminals exploit them.

    4. Reactive cyber defense

    Despite the best efforts, no system can be entirely foolproof, which brings us to the last line of defense in cyber resilience: detection and response.

    • Defensive measures: Utilizing tools like Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems allows businesses to identify potential threats rapidly and respond in real time.

    • Security Operation Centers (SOCs): SOCs serve as an organization’s central command post for managing cybersecurity issues. They monitor and analyze the organization’s networks, databases and other digital assets around the clock, detecting unusual activity that might signal an attack.

    Related: 10 Cyber Security Best Practices for Your SMBs

    Benefits of cyber resilience for small and medium businesses

    The narrative of cyber resilience is one of strategic foresight and proactive preparation. For small and medium enterprises (SMEs), it unfolds as a story of empowerment, enabling these businesses to weave a tapestry of benefits into their operational fabric. These benefits range from safeguarding their digital assets and bolstering customer trust, to ensuring regulatory compliance and realizing financial savings. With a robust cyber resilience framework in place, SMEs are not just defending against potential cyber threats but are actively shaping their future — a future where business continuity, data security and reputational integrity are not mere aspirations but achievable goals. Cyber resilience offers several benefits for SMEs such as:

    • Business continuity and minimum disruption: Cyber resilience enables an SME to minimize downtime during a cyber incident and quickly resume normal operations, ensuring business continuity.

    • Protection of sensitive information: Cyber resilience measures help protect the sensitive information of both the business and its customers, reducing the risk of costly and damaging data breaches.

    • Enhanced customer trust and brand reputation: Businesses known for robust cybersecurity are more likely to earn and retain customer trust, enhancing their brand reputation and competitiveness.

    • Compliance with data protection and cybersecurity laws: Many jurisdictions have implemented strict data protection and cybersecurity regulations. SMEs with robust cyber resilience measures are better equipped to ensure compliance and avoid legal and financial penalties.

    • Financial savings: The cost of dealing with the aftermath of a cyber breach, including remediation, legal penalties and loss of business, often far outweighs the investment in cybersecurity, making cyber resilience a smart financial decision.

    Implementing cyber resilience in small and medium businesses

    Implementing cyber resilience in an SME requires a systematic approach that aligns with the business’s unique needs, resources and risk tolerance. The process starts with defining a comprehensive cybersecurity strategy, followed by regular cyber risk assessments. Next, businesses need to implement proactive cybersecurity measures, including ongoing system updates, patches and employee training. An effective detection and response system is also crucial, with tools such as EDR and SIEM, and possibly even establishing a SOC.

    Role of professional cybersecurity services

    Given the complexity and rapidly evolving nature of the cyber threat landscape, many SMEs opt to engage professional cybersecurity service providers. These firms offer expertise and resources that most SMEs cannot maintain in-house. They can manage all or part of the cybersecurity function, providing peace of mind and freeing up the business to focus on its core functions.

    Related: Cybersecurity for Small and Medium-Sized Businesses — How to Conduct a Comprehensive Risk Assessment

    Future of cyber resilience in the context of small and medium businesses

    The cyber threat landscape is in constant flux, necessitating continual adaptation and evolution of cyber resilience strategies. New technologies, such as artificial intelligence and machine learning, are increasingly integrated into cybersecurity solutions, offering enhanced threat detection and response capabilities. However, regardless of the technologies employed, the key to effective cyber resilience remains an ongoing commitment to security and continuous improvement.

    In our increasingly digital world, cyber resilience is not a luxury but a necessity for SMEs. With the exponential growth of cyber threats, it is imperative for SMEs to invest in developing robust cyber resilience strategies to protect their critical assets, maintain customer trust, comply with regulatory requirements, and ultimately, ensure their survival and growth.

    Jim Koohyar Biniyaz

  • Biden administration announces new labels for gadgets that are less vulnerable to cyberattacks | CNN Business



    CNN —

    The next time you’re in the market for a smart TV, fitness tracker or other connected gadget, you could see a new US government-backed label identifying some products as being particularly hardened against hackers.

    On Tuesday, the Biden administration announced it’s moving to implement a cybersecurity labeling program aimed at helping consumers pick out trustworthy tech products that are rated as more secure than the competition.

    The program seeks to bolster the nation’s cybersecurity overall by guiding Americans who may be in the market for smart home tech or wearables toward products that meet a high standard for cybersecurity as defined by the National Institute of Standards and Technology (NIST).

    The label will appear as a “distinct shield logo,” according to the White House. Products that meet the criteria for the label could include tech that requires strong passwords and that provides regular software updates to guard against the latest threats, for example.

    A wide range of products could be covered, the administration said, including smart refrigerators, microwave ovens, thermostats, home voice assistants and — eventually — WiFi routers, after NIST finishes designing cybersecurity standards for them later this year.

    For years, cybersecurity has been an afterthought in a market for so-called “internet of things” (IoT) devices that prioritizes low costs over security, according to security experts. One of the more famous examples of IoT security failures came in 2016, when criminal hackers used an army of infected computers, known as the Mirai botnet, to disrupt access to the websites of Twitter, PayPal, and others.

    Products certified under the new program may come with a QR code that links to a national database affirming their participation, the administration added in a release.

    The launch of the program could still be as far as a year away. But the administration took its first steps toward implementation on Tuesday as the Federal Communications Commission applied for a trademark linked to the effort, known as the “US Cyber Trust Mark.”

    The FCC, which regulates wireless devices, also issued a formal proposal that will be open for public feedback on how it should manage the program.

    “This new labeling program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives,” the administration said in a statement. “It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.”

    The government proposal comes two years after President Joe Biden signed an executive order calling for an “‘energy star’ type of label” for tech products. At the time, the US government was still reeling from a crippling ransomware attack days earlier that had forced a temporary shutdown of Colonial Pipeline, one of the country’s largest fuel pipeline operators.

    The executive order highlighted how the administration could use product labeling, combined with the federal government’s immense procurement power, to shape commercial markets and raise the bar for companies that sell technology to both US agencies and ordinary consumers.

    Companies including Amazon, Best Buy, Cisco, Google, LG, Logitech, Samsung and others pledged to assist in the government’s labeling push by committing to increase the cybersecurity of their products, the White House said Tuesday.

    Dave DeWalt, CEO of the cybersecurity-focused investment firm NightDragon, said the government’s move could help address a “perfect storm” of billions of insecure IoT devices.

    “Market forces alone were never going to be sufficient to force manufacturers to step up and deliver more secure devices,” he said. “We’ve taken an essential step now in the right direction to put the power back in the hands of the consumers to choose better security.”

    The Consumer Technology Association said Tuesday its next annual trade show, CES 2024, will feature “certification-ready products” once the FCC finalizes its rules.
