Booz Allen Hamilton focuses on defining the vulnerabilities further and identifying the potential mobile security exploits that could harm or damage a business. This article covers Booz Allen's approach to helping organizations develop a secure and effective mobile application security program.
Cyber Training: Developing the Next Generation of Cyber Analysts (Booz Allen Hamilton)
Part of the solution involves identifying and recruiting top thinkers into the field of cybersecurity, but the more immediate challenge is ensuring that cyber professionals have access to the training and information they need to keep their cyber intelligence analysis skills relevant and effective. Due to the rapidly evolving nature of the threat, education and training must be continuous, and this document focuses on strategies and best practices for developing a cyber force that maintains America’s position as a global leader in the information age.
The three main categories of the data network environment affecting IT security are all undergoing major change simultaneously. In the year ahead, these changes will manifest themselves as security challenges. These trends fall into three categories: client devices (the consumerization of IT); the external threat environment (the institutionalization of threat development); and the hosting environment (virtualization). Any one of these dynamics should shade the thinking of IT strategists inside companies and other organizations. Taken together, they may spur major re-evaluations of current practices.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Cloud Computing Security: Government Acquisition Considerations for the Cloud... (Booz Allen Hamilton)
This study provides insight into information assurance and mission assurance challenges posed by public cloud computing environments (CCE), and how accounting for those risks through acquisition security measures affects public CCE options.
Preparing today for tomorrow’s threats.
When companies hear the word “security,” what concepts come to mind — safety, protection or perhaps comfort? To the average IT administrator, security conjures up images of locked-down networks and virus-free devices. An attacker, state-sponsored agent or hacktivist, meanwhile, may view security as a way to demonstrate expertise by infiltrating and bringing down corporate or government networks for profit, military goals, political gain — or even fun.
We live in a world in which cybercrime is on the rise. A quick scan of the timeline of major incidents (See Figure 1, Page 9) shows the increasing frequency and severity of security breaches — a pattern that is likely to continue for years to come. Few if any organizations are safe from cybercriminals, to say nothing of national security. In fact, experts even exposed authentication and encryption vulnerabilities in the U.S. Federal Aviation Administration’s new state-of-the-art multibillion-dollar air traffic control system
Cyber Security is a crucial and rising part of concern in the present age with a rapid increase in the graph of digitization. And with an increase in the activities in cyberspace, there is also an increase in the cyber-crimes. Handling the huge volumes of data with security has become an inevitable need of the hour. Antivirus software, Firewalls, and other technological solutions help to secure this data but are not sufficient enough to prevent the cybercrooks from destructing the network and stealing confidential information. This paper mainly focuses on the issues and challenges faced by cybersecurity. It also discusses the risks, cybersecurity techniques to curb cyber-crime, cyber ethics, and cyber trends.
The Internet of Things (IoT) promises to change the way enterprises connect, communicate, operate, and compete. At the same time, the IoT has left enterprise networks and IoT devices extremely vulnerable to security breaches. Current IoT devices and infrastructures are simply not equipped to tackle today’s sophisticated attack methods. Vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
100+ Cyber Security Interview Questions and Answers in 2022 (Temok IT Services)
Top 100 Cyber Security Interview Questions and Answers in 2022. According to the IBM Report, data breaches cost measured businesses $4.24 million per incident on average, the highest in the 17 years of history. However, the demand for cyber security professionals exceeded and created exciting job opportunities.
Analyst Report: The Digital Universe in 2020 - China (EMC)
This IDC Country Brief discusses China, where the amount of data created, replicated, and consumed each year will grow 24-fold between 2012 and 2020, according to the 2012 IDC Digital Universe study, sponsored by EMC.
On World Backup Day 2014, the Data Loss Gremlins unleashed a dastardly attack on businesses worldwide! Intronis has published this Tech Guide, the 6 Ways to Fight the Data Loss Gremlins, to help IT solutions providers protect their clients from any data loss disaster.
The Cisco 2010 Midyear Security Report includes:
* Results and analysis from two new Cisco studies -- one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
* International trends in cyber-security and their potential impact on business
* Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
* An update on global spam trends since late 2009 and spam volume predictions for 2010
* Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
The Essential Ingredient for Today's Enterprise (ReadWrite)
The innovations that come with the mobile enterprise are immense, but problems come with this new world of devices, namely the huge security concerns that arise. Devices can carry so much important information. How do you control it?
This paper from CIO Custom Solutions Group examines the mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy.
This white paper examines the need for strong authentication and explores the return on investment that can be realized in order to help organizations move toward more effective security.
Comparative Study on Intrusion Detection Systems for Smartphones (iosrjce)
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,... (CSCJournals)
Social engineering is a major threat to organizations as more and more companies digitize operations and increase connectivity through the internet. After defining social engineering and the problems it presents, this study offers a critical review of existing protection measures, tools, and policies for organizations to combat cyber security social engineering. Through a systematic review of recent studies published on the subject, our analysis identifies the need to provide training for employees to ensure they understand the risks of social engineering and how best to avoid becoming a victim. Protection measures include awareness programs, training of non-technical staff members, new security networks, software usage, and security protocols to address social engineering threats.
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
The spread of information networks in communities and organizations have led to a daily huge volume of information exchange between different networks which, of course, has resulted in new threats to the national organizations. It can be said that information security has become today one of the most challenging areas. In other words, defects and disadvantages of computer network security address irreparable damage for enterprises. Therefore, identification of security threats and ways of dealing with them is essential. But the question raised in this regard is that what are the strategies and policies to deal with security threats that must be taken to ensure the security of computer networks? In this context, the present study intends to do a review of the literature by using earlier researches and library approach, to provide security solutions in the face of threats to their computer networks. The results of this research can lead to more understanding of security threats and ways to deal with them and help to implement a secure information platform.
This presentation was discussed in a Webinar with MetricStream in September 2016. It is applicable for small, medium and large businesses when considering information and cyber security risk.
IBM MobileFirst Protect - Curing CISO Mobilephobia (AGILLY)
Mobilephobia: a set of fears that generally affects CISOs and other security professionals regarding the adoption and deployment of a mobile security strategy that promotes access across the enterprise, the sharing of corporate data, or interactions with partners, customers and other third parties via mobile devices and applications.
Building an Infrastructure that Secures and Protects
In June and July 2011, the Economist Intelligence Unit conducted a global survey, sponsored by Booz Allen Hamilton, of 387 executives to assess attitudes toward cybersecurity, and their progress towards implementing resilience strategies. Learn more: http://www.boozallen.com/insights/expertvoices/cyber-power
Secure data access in a mobile universe (spencerharry)
I was recently interviewed by a journalist, Lynn Greiner, who was working on a paper for the EIU and we talked about data security, mobility and the ever-common phenomenon of BYOD (bring Your Own Device to work).
A critical gap exists between the enterprise mobility vision and real-world implementations.
Enterprise mobility and trends like bring your own device (BYOD) aren’t just hot topics of conversation.
According to the over 1,600 IT and security professionals we surveyed, mobility is a top priority for most IT departments.
Unfortunately, there’s a critical gap between the vision these IT leaders have for enterprise mobility and the real-world implementations.
The insights gathered from IT professionals in the Americas, Asia Pacific, Europe, the Middle East, and Africa demonstrate that organisations from around the world share many of the same priorities, challenges and risks.
We surveyed 1000+ IT, Security, and Engineering decision makers from the world’s largest companies — those with at least $1 billion in revenue — to find out how they’re capturing technological and business opportunities while protecting against risk, and how they see their organizations evolving for the future.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
Presentation given in Argentina and Paraguay during March 2014. In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It covers the problem of vulnerabilities in applications, the impact they have on organizations, and the means available to discover them early and facilitate their remediation.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev... (Troy Marshall)
CyCon 3.0 presentation- February 15, 2020
Successful digital transformations don’t begin with technology, they begin with people. As organizations adopt DevOps and cloud and realize the increased release velocity, ensuring the security of software and systems at the same velocity is a necessity but doing so isn’t easy. In this talk you will learn about common security challenges in DevOps and cloud and the skills cybersecurity professionals need to solve these challenges.
You Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges (Booz Allen Hamilton)
“Hackathon” has become a trendy word in today’s business vernacular, and for good reason. The word “hackathon” comes from both “hack” and “marathon.” If you think of a “hack” as a creative solution and “marathon” as a continuous, often competitive event, you’re at the heart of what a hackathon is about. Hackathons enable creative problem solving through an innovative and often competitive structure that engages stakeholders to come up with unconventional solutions to pressing challenges. Hackathons can be used to develop new processes, products, ways of thinking, or ways of engaging stakeholders and partners, with benefits ranging from solving tough problems to broader cultural and organizational improvements.
This playbook was designed to make hackathons accessible to everyone. That means not only can all kinds of organizations benefit from hackathons, but that all kinds of employees inside those groups—executives, project managers, designers, or engineers—should participate and can benefit, too. Use this playbook as a reference and allow the best practices we outline to guide you in designing a hackathon structure that works for you and enables your organization to achieve its desired outcomes. Give yourself anywhere from six weeks to a few months to plan your hackathon, depending on the components, approach, number of participants, and desired outcomes.
Contact Director Brian MacCarthy at MacCarthy_Brian2@bah.com for more information about Booz Allen’s hackathon offering.
Booz Allen's U.S. Commercial Leader and Executive Vice President, Bill Phelps, recently released his list of 10 Cyber Priorities for Boards of Directors. As we peer into how business, technology, regulatory, and cyber threat realities are evolving in the coming year, here is a reference guide for board members to use in validating their company's cybersecurity approach.
We looked at the data. Here’s a breakdown of some key statistics about the nation’s incoming presidents’ addresses, how long they spoke, how well, and more.
Our Military Spouse Forum built a roadmap to help you navigate your career between deployments, moves, and the unpredictable. Interested in how Booz Allen can help you navigate your career? Check out our opportunities at www.boozallen.com/careers
In August 2016, Booz Allen partnered with Market Connections to conduct a survey of National Security Leaders and the General Public to understand their perspectives on the current threats. Fifteen years after the September 11 attacks, we wanted to know what keeps them up at night today, and what they will be worried about in 15 years. This infographic provides the high-level results of our survey and we will be releasing a more detailed report later in the month of September – so stay tuned. #NationalSecurity2031
Booz Allen convened some of the smartest minds to explore making healthcare more accessible. This report shares the latest healthcare payment trends and what policy experts discovered when planning for different health reform scenarios.
An interactive workshop that guides you through the many relationships that exist in an agile team, with a business value emphasis. Team members gain empathy, discover expectations of others and the importance of these agile team relationships.
An immersive environment allows students to be completely “immersed” in a self-contained simulated or artificial environment while experiencing it as real. With immersive learning, you can show realistic visual and training environments to teach complex tasks and concepts.
Nuclear Promise: Reducing Cost While Improving Performance (Booz Allen Hamilton)
To remain competitive, nuclear operators must take aim at all addressable costs, ensuring maintenance is optimized, taking proactive steps to minimize unplanned outages and, where possible, reducing administrative and other overhead costs. There are multiple opportunities to reduce capital and operational spending, while improving safety and reliability.
General Motors and Lyft; Target and Walmart; Netflix and Amazon - we call these “frenemies”. A strange trend is emerging as unlikely partner companies join forces, and they’re transforming industries around the world. Understanding what's driving the frenemies trend, knowing what options best fit your needs, and making yourself an effective partner are all critical to success.
Threats to industrial control systems are on the rise. This briefing explores potential threats and vulnerabilities as well as what organizations can do to guard against them.
Booz Allen Hamilton and Market Connections: C4ISR Survey Report (Booz Allen Hamilton)
Booz Allen Hamilton partnered with government market research firm Market Connections, Inc. to conduct the survey of military decision-makers. The research examined the main features of Integrated C4ISR through Enterprise Integration: engineering, operations and acquisition. Two-thirds of respondents (65 percent) agree agile incremental delivery of modular systems with integrated capabilities can enable rapid insertion of new technologies.
Modern C4ISR Integrates, Innovates and Secures Military Networks (Booz Allen Hamilton)
A majority of the military believe Integrated C4ISR through Enterprise Integration would provide utility to their organization. Check out other key findings from our study in this infographic http://bit.ly/1OZOjG2
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S... (Booz Allen Hamilton)
Integrated C4ISR is a force multiplier that significantly improves situational awareness and decision making to give warfighters a decisive battlefield advantage. This advantage stems from Booz Allen Hamilton’s Enterprise Integration approach http://bit.ly/25nDBRg: bringing together three disciplines and their communities—engineering, operations, and acquisition.
Booz Allen Hamilton created the Field Guide to Data Science to help organizations and missions understand how to make use of data as a resource. The Second Edition of the Field Guide, updated with new features and content, delivers our latest insights in a fast-changing field. http://bit.ly/1O78U42
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating the uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs (Alex Pruden)
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility: Building a Mobile Infrastructure that Promotes Productivity
An Economist Intelligence Unit research program sponsored by Booz Allen Hamilton
List of Interviewees
Chua Kim Chuan, Director, Identity & Security Services, Information Systems Division, MOH Holdings Pte Ltd., Singapore
Tom Downey, Director of Excise and Licensing of the City of Denver, Colorado, USA
Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America for online and mobile channels, USA
Andrew McIntyre, CEO, Medical-Objects Pty Ltd, Australia
Patty Mechael, Executive Director, mHealth Alliance, USA
Mark Olson, CISO, Beth Israel and Harvard Medical School, USA
Neil Robinson, Senior Analyst, RAND Europe
Rajesh Yohannan, Regional Head of e-Business, Citibank Asia
About the Survey
In August 2011, the Economist Intelligence Unit conducted a global survey, sponsored by Booz Allen Hamilton, of 340 executives to assess attitudes toward cybersecurity in the age of mobility. About one-half (51 percent) of survey respondents are board members or C-level executives, including 74 CEOs. The respondents are based in North America (31 percent), Western Europe (29 percent), Asia-Pacific (27 percent), Middle East and Africa (6 percent), Latin America (5 percent), and Eastern Europe (3 percent). More than one-half of the survey respondents (55 percent) work for companies with global annual revenues exceeding US$500 million. Nineteen different industries are represented in the survey sample, including financial services (21 percent); healthcare, pharmaceuticals, and biotechnology (13 percent); professional services (9 percent); transportation, travel, and tourism (9 percent); IT and technology (7 percent); and manufacturing (7 percent).
Contents
Executive Summary
Introduction
The Benefits of Mobility
Mobility Hazards and their Remedies
Loss of Mobile Devices
Vulnerability from Downloads
Sidebar: Financial Services: Pushing the Envelope
Inefficient Back-up Procedures
Responding to Mobile Security Challenges
Proper Back-up Procedures
Network Security and Remote Access
Developing Company Policies and Leadership
Sidebar: Healthcare: Meeting Opportunities as Well as Threats
Conclusion
About Booz Allen
About Economist Intelligence Unit
Executive Summary
• The ascendancy of mobile computing offers companies enormous
opportunities to improve productivity, while presenting them with a
series of new security challenges. The ubiquity of mobile devices encourages
more people to take care of routine matters via simpler online apps. It also has the potential
to make structural enhancements in productivity. But to capitalize on these benefits,
companies will have to tackle a host of challenging new security issues.
• The rapid rise of mobile devices has led to a corresponding rise in mobile
cyber threats. Mobile devices are more likely to be lost through theft, accident, and
negligence. The “app store” culture of mobile devices leads to promiscuous downloads of
risky software by end-users. Mobile devices are likely to be connected through unsecured
and even hostile “Wi-Fi” network access points. And mobile devices are more likely to be
treated by the end-user as personal property not subject to the usual security practices
of the organization.
• The move to cloud computing is complicating the task. The most fundamental
organizational response involves setting up frequent and easy-to-use back-up procedures
for mobile devices. But organizations have incomplete and inadequate traditions for
backing-up and securing data stored in mobile devices. Giving employees “anytime,
anywhere” access allows them to be more productive, but that access inevitably weakens
the central network’s defenses against intruders. Some organizations respond by setting up
finer-grained controls over remote access.
• The most fundamental problem with mobile security is a lack of awareness.
Companies should make educational efforts on mobile computing a company priority.
Cyber-mobility policies need to address personal use, privacy, security of connection, and
how to handle missing or stolen devices.
• IT departments need to suggest new mobile technologies to other functions
to demonstrate that they want progress and can take the lead in implementation.
To do so, it is important to construct explicit projects with defined targets, benefits, costs,
and budgets. It is also important to set milestones of success and assess the value that
security provides.
Introduction: The Magnitude of the Challenge
Mobile devices have taken the world by storm. The Economist Intelligence Unit estimates that
four billion people use mobile devices of one kind or another. Three billion are using feature phones
to call and text, but one billion are now using smartphones to access the Internet as well. The global
movement to smartphones is still in its infancy. The devices are likely to experience double-digit sales
growth for the next 5 years as the world builds out 3G wireless networks and the devices themselves
become more powerful.
The move to smartphones will have a profound qualitative impact on computing. In 2014, more people will be accessing the Internet through mobile devices than via desktops, if current trends continue. This will change the nature of the global workplace. The Internet will be much more pervasive and embedded—the computing power necessary to perform many work tasks will be always on and available almost everywhere.
The ascendancy of mobile computing offers companies enormous opportunities to improve the productivity of a company’s employees. A few companies will continue to restrict their operations to a traditional workplace. But the vast majority will have to harness cyber mobility to remain competitive. To do so, they will have to tackle a host of challenging new security issues discussed in this report.
Both opportunity and difficulty lie clearly visible. According to the global survey of senior executives conducted for this report, organizations are already moving with determination to gain an advantage. Four in 10 executives (42 percent) say their organizations have revised business strategies in the past 3 years to reap the benefits of cyber mobility. The biggest problem caused by cyber mobility, according to the same executives, is new security threats (cited by 62 percent). Information is becoming a more central and essential organizational asset. Balance-sheet health has less to do with inventories of iron ore or shipping containers, and more to do with the knowledge held by experienced employees and digital records about prospective customers. Techniques for protecting and managing those intangible assets lag behind our needs, however. Even in the face of compliance laws including Sarbanes-Oxley, HIPAA, and PCI, massive data breaches regularly occur.
This report, written by the Economist Intelligence Unit and sponsored by Booz Allen Hamilton, explores cyber mobility and its security challenges. It details how—for a motivated and alert organization—security can be not just a problem, but also a strength.
A Definition: In this report, and in the survey conducted for this report, cyber mobility is broadly defined as “the ability to work anywhere (i.e., remotely from the office) through the use of mobile device(s), such as laptops and cell phones, and other devices that are connected to the Internet and are often used to enhance productivity.”
Figure 1: Rapidly Rising Connectivity. Mobile cellular subscriptions per 100 inhabitants and Internet users per 100 inhabitants, 2000-2010 (series: Developed, World, Developing). [Chart not reproduced.]
The developed/developing country classifications are based on the UN M49. See: http://www.itu.int.int/ITU-D/ict/definitions/regions/index.html
Source: ITU World Telecommunication/ICT Indicators database
Glossary of Common Mobile Security Terminology
App: Short for “application,” which is typically downloaded from an app store
Cloud Security: Security moves from “manual” protection of individual devices to the cloud, where a third-party provider is usually responsible
DLP: An acronym for Data Loss Prevention, DLP unifies protection from all hazards to data health, whether intentional or accidental, within the data center or at a remote location; DLP generalizes “back-up” and “disaster recovery”
Endpoint Security: The idea that each individual device (an endpoint) should be secured, as opposed to “centralized” or “moated” security, which emphasizes safety behind firewalls
MitMo: Short for “man in the mobile”, which is a type of malware that allows the perpetrator to monitor what the remote user does on the screen
Mobile Malware: Short for malicious software specifically designed for mobile devices, often distributed via e-mail or app stores
Phishing: An attempt to get users to click on a malicious link typically embedded in an e-mail or SMS
Security Token: Typically a small physical device through which users authenticate themselves
The Benefits of Mobility
Mobility offers many benefits to businesses but the core opportunity is enhanced staff productivity. Employees who are more connected—on the road or at home—are more efficient. In a 2011 report from the US Office of Personnel Management (OPM), 31 out of 33 federal agencies that track telework programs said they believed that enhanced productivity was the greatest benefit of mobility. “Look at the tablet technology,” says Mark Olson, CISO at Beth Israel and Harvard Medical School. “A physician can pull up specific results and tests on the iPad to show at the patient’s bedside.” In addition, he notes, physicians can review information on the go, even walking between buildings, to enhance their productivity.
The ubiquity of mobile devices provides another benefit: It also encourages more people to take care of routine matters immediately, via simpler online apps, rather than waiting for somebody to help them. The US public sector is making the most of this trend by offering more mobile government (m-government) information and services to constituents. Tom Downey, Director of Excise and Licensing of the City of Denver, Colorado, emphasizes that migration to online “e-systems” allows more citizens to “self-serve,” freeing trained staff to shift attention to strategic efforts.
Cyber mobility can do more than boost productivity in a quantitative way: It also has the potential to make structural enhancements in productivity. Putting an iPad in a doctor’s hands can improve face-to-face encounters with patients, but it can have more dramatic effects when the physician is away on rounds at a different facility. If new results arrive for a patient, a nurse can update the physician, transmit test results, receive instructions based on the physician’s assessment of those tests, and start a new procedure hours before the physician is scheduled to return. In this situation, little of the doctor’s time is saved, but the impact on patient well-being might be enormous. More generally, cyber mobility’s greatest potential is not merely in saving costs, but in yielding greater results in revenues, profit, or other output measures.
Mobility also offers benefits on a more strategic level: It allows companies to extend their business and their brand beyond the bounds of the physical setting of their company. A well-designed mobile app allows a retail company to sell to customers anytime and anywhere—far from its bricks-and-mortar locations. For strategic executives, this is the ultimate goal: to be able to scale a good brand experience across town or across a continent. Cyber mobility opens the possibility for brand scaling beyond traditional approaches limited by physical presence.
Given the potential benefits, organizations are increasingly relying on mobility. One-quarter of executives say their organization relies on cyber mobility to an overwhelming extent, and another 49 percent say it is of equal importance to productivity as other factors. Eighty percent of executives also say mobile devices will be more important to their work 3 years from now compared with today.
Mobility also allows companies to:
• Launch and evaluate projects more quickly and with less overhead
• Improve service quality, allowing them to sidestep competition based on price
• Improve the length and intensity of customer relationships.
Survey respondents agree about the key benefits of mobility. Flexibility (chosen by 89 percent) and increased productivity (75 percent) are overwhelmingly cited as benefits, while a smaller number also say cost savings (24 percent). These potential benefits have caused more organizations to rely on mobile devices.
Figure 2: In your view, what are the biggest benefits associated with cyber mobility? Select up to three.
Greater work flexibility 89%
Increased productivity 75%
Decentralization of key business operations 25%
Lower cost structure 24%
Improved innovation 17%
Taking advantage of new market opportunities 12%
Greater understanding of important future trends 9%
Increased revenue growth 5%
Increased profitability 4%
Deepened knowledge of consumer trends 4%
Other, please specify 3%
Don’t know 1%
Source: Economist Intelligence Unit survey, August 2011
Mobility Hazards and their Remedies
Companies that want to take advantage of the widespread promise of mobile devices will have to face a number of important security issues. The rapid rise of mobile devices has led to a corresponding rise in mobile cyber threats. In 2010, security company McAfee reported an increase in mobile malware by 46 percent, compared with the previous year.
But hostile actors may be growing faster than the mobile sector itself. According to Cisco’s 2010 Annual Security Report, improvement in traditional computer security awareness has led cyber criminals to target mobile users since the latter are generally less knowledgeable about the threats facing them and are, therefore, easier prey.
The threats are fueled by a number of issues:
• Mobile devices are more likely to be lost through theft, accident, and negligence;
• The “app store” culture of mobile devices leads to promiscuous downloads of risky software by end-users;
• Mobile devices are particularly apt to be connected through unsecured and even hostile “Wi-Fi” network access points;
• Organizations have incomplete and inadequate traditions for back-up and securing data stored in mobile devices; and
• Mobile devices are more likely to be treated by the end-user as personal property not subject to the usual security practices of the organization.
Loss of Mobile Devices
The increased use of mobile devices has made loss of the device an important problem. “You don’t lose your desktop,” says Rajesh Yohannan, Regional Head of e-Business, Citibank Asia. Yohannan notes that most of the data kept on mobile devices are recoverable because most organizations and individuals back up crucial assets, and the actual device can be replaced. He is particularly concerned, however, about protecting the data on a lost mobile device from cyber criminals.
Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America for online and mobile channels, USA, is also concerned about this issue. He notes people often put a lot of sensitive information into their phones. They set up e-mail accounts, store passwords, and download apps such as Facebook, which allows them to be signed in at all times. A cyber criminal who came across their device would have instant access to all of the data on the device and on the apps associated with it. That would allow them to correlate this information against other data sources and do significant damage. “You steal a phone for its virtual value—the information that is on it, the passwords that are stored there, e-wallet type programs,” agrees Neil Robinson, Senior Analyst at the RAND Europe think tank.
Vulnerability from Downloads
Unsuspecting users often download unfamiliar apps and information to their mobile device. “Cyber crooks see it as an opportunity because awareness is low,” says Yohannan. In the survey conducted for this report, about one-half of all executives confirm that they have downloaded an app for business use as well as personal use, indicating that they are downloading apps to a great extent and that they also mix business and personal use. Yohannan says users must be more careful of what they download and points out that this includes e-mail attachments, which are rarely scanned for viruses or malware.
Figure 3 Which of the following activities have you done on your mobile device(s) in the past three years? Select all that apply.
Checked business email 92%
Made a business phone call 90%
Browsed the Internet 87%
Made a personal phone call 84%
Checked personal email 76%
Downloaded an app for business use 54%
Downloaded an app for personal use 51%
Downloaded a security update 51%
Other, please specify 6%
I don’t have a mobile device 2%
Source: Economist Intelligence Unit Survey, August 2011
Financial Services: Pushing the Envelope
Financial services are moving to take advantage of mobile computing platforms in a big way. “The way we communicate with our customers and the way we market our services is changing radically,” says Rajesh Yohannan, Regional Head of e-Business, Citibank Asia. In the 18 months since it started its Asian mobile banking service, Citibank already has 500,000 users signed up.

Financial services executives queried in the survey conducted for this report are promoting mobility to a greater extent than their peers in other sectors. For example, 34 percent of them say their industry relies on mobility to enhance productivity compared to 21 percent of executives as a whole. Half (51 percent) of financial services executives also say their organization has revised its business strategy to reap the benefits of mobility compared to 42 percent of respondents as a whole.

But the financial services industry faces greater risks than others. Individual hackers and organized crime groups are actively seeking to exploit the slightest vulnerabilities. Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America, who conducts a monthly intelligence review of the top threats to the bank, says endpoint security was his biggest concern in early fall 2011. That was followed by customer spoofing—such as phishing, application security, mobile malware, and data loss. To improve security, Bank of America is doing three things: “We have pre-built security into our applications, we don’t store any unnecessary data on the phone, and any data stored is encrypted,” Gordon says.

Banks are also keeping a closer tab on the evolution of threats and informing customers about their risks. “We scan forums where cyber criminals hang out to track attacks even before they happen,” confirms Yohannan, who goes on to explain that many perpetrators will discuss upcoming attacks with their peers before executing them. Citibank has a group of people dedicated to this cause, while other groups look to deal with the actual attacks and their aftermath.

Educating consumers is another way to improve security. Like many others, Bank of America will proactively alert customers when there is unusual account activity. A more innovative approach taken by the bank is to give their customers one free year of protection from McAfee, a security software company, in the hope that those customers will value the McAfee service and continue to use it beyond the trial period, according to Gordon.
App stores pose a different problem. In response to the growing number of attacks via malicious apps, the European Network and Information Security Agency (ENISA), the agency overseeing Europe’s cybersecurity, published a report in September 2011 about the security implications of app stores. It found that today’s malicious apps target a variety of platforms and can tap into smartphone data, from business e-mails to phone calls. “Consumers are hardly aware of this,” said the authors of the report, Dr. Marnix Dekker and Dr. Giles Hogben.

One of the biggest threats in this area has been various versions of Zeus MitMo, a malware that hides in the background of mobile apps and allows the perpetrators to gather information from unsuspecting users. “We have seen a big uptick in malware, such as Zeus for mobile,” says Gordon, whose company tracks the top five threats against them on a monthly basis (also see sidebar on page 10).
Inefficient Back-up Procedures
In principle, proper back-up procedures make it possible to recover data lost on a physical device. But typical back-up procedures for mobile devices leave a lot to be desired. Data are backed up incompletely and, often, insufficiently.

It is also difficult to determine exactly what data need to be backed up because the nature of “data” has changed. “Everything used to be stored on the device,” says Robinson. “But nowadays cyber mobility is hard to separate from cloud computing.” Because of this, mobile security has to be closely tied to cloud security. Concentrating on endpoint security by backing up individual devices is becoming less important than cloud security—making sure the cloud data scattered across the world are secure.

That change has also led to shifts in responsibilities. In this new environment, back-up procedures are typically conducted by the cloud providers. “Companies of all sizes and individuals are at the mercy of providers,” agrees Robinson. Survey respondents also say the third biggest problem caused by cyber mobility in their organization today is the loss of control over data (cited by 34 percent).

Respondents agree with the commonly cited risks associated with mobility. They are concerned that their mobile device will be compromised as a result of loss (66 percent) and poor back-up procedures (55 percent). Downloads were fourth on the list of concerns (cited by 51 percent) after the use of insecure networks (52 percent), another growing problem which is associated with using various connections in remote locations.
The survey also revealed users may claim a higher degree of awareness regarding security than they put into practice. Nine out of 10 say they would alter their usage if they learned that it is likely that the information on their mobile devices can be compromised. Yet, 64 percent say efficiency gains outweigh any potential security risks when it comes to working remotely, and 68 percent say the same about the use of mobile devices.

Responding to Mobile Security Challenges
Organizations that want to take advantage of the benefits of mobility must find a way to face the security challenges that come with them. Even explicit policies often remain incomplete; in any case, part of the nature of security is a demand for continuing vigilance and renewal. At a tactical level, our survey shows attention in this area currently is focused on back-up procedures, security of remote access, and movement towards interoperability and standardization.
Figure 4 Which of the following areas are covered by your organization’s policy regarding the use of mobile device(s)? Select all that apply.
Personal use 78%
Privacy 71%
IT support 69%
Use of secure/insecure wireless connections 68%
Security software 64%
Missing or stolen devices 64%
Downloads (apps/games/other) 62%
Backup procedures or data loss 58%
The guidelines are general and I am not aware of my organization having any specific policies 6%
Other, please specify 3%
Don’t know 0%
Source: Economist Intelligence Unit survey, August 2011
Proper Back-up Procedures
The most fundamental organizational response involves setting up frequent and easy-to-use back-up procedures for mobile devices. But the move to cloud computing is complicating the task. “This is where everyone struggles and we do as well,” Mr. Olson admits. Backing up the data is relatively straightforward. The bigger problem is securing the data in case the device is lost.

To deal with the possibilities of lost devices, Olson tries to limit the amount of data resident on a particular mobile device and encrypts it. “We use an approach where data are fetched, viewed, and destroyed, in order not to leave any information resident on the device,” he explains. All information is stored at a central data center. From there, he can recover what was on the device at all times (regardless of whether the actual device is recovered or not). Inevitably, however, a small amount is still left on the device. To deal with this problem, he adds a remote wiping capability that allows him to erase data remotely if the device is lost.

Network Security and Remote Access
Another big problem involves controlling how mobile devices get remote access to organizational networks. Giving employees “anytime, anywhere” access allows them to be more productive, but that access inevitably weakens the central network’s defenses against intruders. A remote connection can serve as a pathway that allows a malicious app to access other users on the internal network.

Some organizations respond by setting up finer-grained controls over remote access: someone with accounting responsibilities, for example, might be permitted to prepare reports, but not to transfer funds remotely. Olson says remote access to his organization is controlled via a series of security steps, including software installation, a secure sockets layer (SSL) connection, a virtual private network (VPN) and, of course, regular changes of passwords.

In Singapore, Chua Kim Chuan, Director of Identity & Security Services, Information Systems Division, MOH Holdings, the holding company of Singapore’s public healthcare assets, also uses end-to-end encryption and strong authentication procedures. But Mr. Chua Kim Chuan goes one step further by requiring that employees carry small devices that generate numeric “one-time” passwords. These information tokens add a physical element to the authentication process.

“The trickiest part is to design a process that is easy while providing security,” says Mr. Chua Kim Chuan. Neil Robinson agrees. “If there are too many steps and passwords, then users will write them down,” he says. Writing instructions on paper, of course, defeats the whole purpose of a security procedure: If someone finds that piece of paper, the system’s security collapses. To balance convenience and safety, many organizations still require only a user name and password—even for remote access. However, a number of studies have shown that this combination is inadequate in most security situations.
While 71 percent of respondents agree that their organization has taken security measures regarding mobility, the quality of policies in this area may be uneven. When asked how prepared their organization is to address security or privacy threats in a variety of scenarios, respondents are least confident with regard to mobile devices: Only 22 percent say they are well prepared in this area, compared with 50 percent who say the same about online access and 59 percent about the use of desktop computers.
Figure 5 How prepared is your organization to address security or privacy threats to the following?
The physical office location: Well prepared 59%; Somewhat prepared 37%; Not at all prepared 3%; Don’t know 1%
The use of desktop computers: Well prepared 59%; Somewhat prepared 38%; Not at all prepared 2%; Don’t know 1%
Online access: Well prepared 50%; Somewhat prepared 43%; Not at all prepared 5%; Don’t know 1%
Mobile device(s): Well prepared 22%; Somewhat prepared 63%; Not at all prepared 14%; Don’t know 2%
Source: Economist Intelligence Unit Survey, August 2011
Developing Company Policies and Leadership
Mobility is increasingly pervasive, and organizations must capitalize on it to remain competitive in the marketplace. Organizations must take a number of steps to respond to security challenges that mobility presents:
• Make educational efforts on mobile computing a company priority. The most fundamental problem with mobile security is a lack of awareness. Yohannan believes the lack of awareness is pervasive in organizations and is not limited to users of mobile devices. Educational initiatives need to start within the organization. “We educate senior executives about security in terms they can understand,” explains Gordon. To educate users about phishing, he will show them an actual phishing e-mail used by hackers. “Our dashboard has both the simple terminology as well as the technical one, but in the future I hope it will only have one,” he says about his initiatives to educate management.
• Create comprehensive mobile security procedures. If there are no mandated security standards, or if interoperability is an issue in secure communication, companies need to set the standard internally. “There is no substitute for strong policies,” says Olson, who is constantly looking to enhance security in his organization. It is also important to make sure strong policies and standards are executed well and enforced properly. At the very least, cyber mobility policies need to address personal use, privacy, security of connection, and how to handle missing or stolen devices.
• Encourage IT departments to lead by example. IT departments are often seen by other functions as an obstacle to greater mobility because they insist on various security policies. This can encourage IT departments to resist the latest technologies before proper security is in place or to establish too many passwords to access a system. “Security teams should be enabling teams rather than disabling teams,” stresses Olson. IT departments need to suggest new mobile technologies to other functions to demonstrate that they want progress and can take the lead in implementation. To do this, it is crucial to construct explicit projects with defined targets, benefits, alternatives, costs, and budgets. It is also important to set milestones of success to manage project risk, and develop technical capabilities to assess the value that security provides.

Healthcare: Meeting Opportunities as Well as Threats
The healthcare industry has great hopes for mobile computing. It is increasingly using mobility to enhance the productivity and flexibility of its operations and to meet demands from patients. Electronic health (e-health) initiatives are the most commonly cited benefit on the horizon. These initiatives typically focus on developing electronic medical records (EMRs), which allow employees to evaluate results remotely and communicate information quickly. Telemedicine (tele-health) allows doctors to see their patients virtually and consult them at a distance.

“From a security perspective, we have to look at all of this and see how we can enable it,” says Mr Olson about the future of digital healthcare. The industry is at a particular risk from mobility given the sensitive data it handles in the form of patient records. “We are mostly targeted for the information we hold about people and identity theft is our biggest threat,” observes Mr Olson. The primary suspects, therefore, are organized crime groups, rather than nation-states or thrill-seeking hackers. Their goal is to get a name and an address they can validate with another source. “The more data they can correlate, the more value it has on the black market,” he explains.

To deal with the threat, health organizations are creating a variety of security policies. Survey results lend support to the idea that healthcare is a leader in policy development. 84% of healthcare respondents say they have a policy regarding the use of mobile devices compared to 77% in other industries. According to survey responses, the policies adopted by healthcare organizations also cover important aspects of security to a greater extent, such as privacy (89% vs 71%) and missing or stolen devices (78% vs 64%).

The most pressing problem now, according to Andrew McIntyre, CEO of Medical-Objects Pty based in Australia, is not the lack of policy, but its implementation on the end-user side, as users of technology tend to trust vendors. Even in cases where suppliers clearly understand security matters, they feel little incentive to educate end-users focused on features and functionality outside the security domain. In addition to traditional logins and passwords, Dr McIntyre is promoting enhanced interoperability and better client-side security procedures, such as use of security tokens. “We can encrypt the transfer of data but we are stuck with a password to access it,” he says about the challenge to improve standards in the industry. “While the technology exists for client side tokens, virtually nobody uses it.”

One way in which to overcome such challenges, according to Mr Olson, is for the security team to push new products to the healthcare professionals, instruct them in their benefits, and demonstrate their use. “By doing that we are out in front of the partnership and we can control expectations and parameters of use,” he suggests.
Conclusion
The stakes associated with failing to establish proper mobile security are high.
The costs associated with loss of a single customer record can be greater than a multiple of the lifetime
revenues expected of that customer.
Companies also need to construct written goals with objective criteria and track successes and failures
associated with mobile security. They need to demonstrate to employees and customers that the
organization is committed to mobile security. They need to keep stakeholders informed about the
company’s experience with mobile security issues, and monitor the impact of these efforts.
Security itself is often conceived in negative terms: data not leaked, lawsuits avoided, and authentication
nuisances reduced. Once companies do these steps well, they will find that security becomes a positive
value—customers and employees will become more comfortable and confident doing business with an
organization known for its security leadership.
About Booz Allen Hamilton
Booz Allen Hamilton is a leading provider of management and
technology consulting services to the US government in defense, intelligence,
and civil markets, and to major corporations, institutions, and not-for-profit
organizations. Booz Allen is headquartered in McLean, Virginia, employs more
than 25,000 people, and had revenue of $5.59 billion for the 12 months ended
March 31, 2011.
Booz Allen understands that cybersecurity is no longer just about protecting
assets. It’s about enabling organizations to take full advantage of the vast
opportunities that the ecosystem of cyberspace now offers for business,
government, and virtually every aspect of our society.
Those opportunities can be imperiled, however, by rapidly emerging cyber
threats from hackers (hacktivists), organized crime, nation states, and
terrorists. We help our clients in both business and government understand
the full spectrum of threats and system vulnerabilities, and address them
effectively and efficiently.
Booz Allen believes the key to cybersecurity today is integration—creating
a framework that “thinks bigger” than technology to encompass policy,
operations, people, and management. Through this Mission Integration
Framework, organizations can align these essential areas to address the real
issues, and develop cyber strategies and solutions that keep pace with a fast-
changing world.
To learn more, visit www.boozallen.com. (NYSE: BAH)
About the Economist Intelligence Unit
The Economist Intelligence Unit is part of the Economist Group,
the leading source of analysis on international business and world affairs. Founded in
1946 as an in-house research unit for The Economist newspaper, we deliver business
intelligence, forecasting and advice to over 1.5m decision-makers from the world’s
leading companies, financial institutions, governments and universities. Our analysts
are known for the rigour, accuracy and consistency of their analysis and forecasts,
and their commitment to objectivity, clarity and timeliness.