Skip to content

Don’t Delay Zero Trust! There’s Too Much at Stake.

In today’s fast-paced and ever-changing digital landscape, cybersecurity has become a critical concern for businesses of all sizes. With cyber threats becoming increasingly sophisticated and frequent, companies cannot afford to take a passive approach to security. The threat landscape and attack surface of organizations has immensely increased over the past few years.

In recent years, the concept of “Zero Trust” has gained significant traction as an effective security strategy for businesses looking to protect their assets and data. But despite its benefits, many companies still delay its implementation, putting themselves at risk. We’ll explore why companies shouldn’t delay Zero Trust and the potential consequences of doing so.

The State of Cybersecurity Today

Before we dive into zero trust and its challenges, let’s have a look at the state of cybersecurity to have an idea of what are we dealing with in terms of cybersecurity threats and data breaches.

According to ESENTIRE’s official Cybercrime report the average cost of cybercrime is predicted to hit $8 trillion in 2023 and exponentially rise to $10.5 Trillion by the year 2025.

As per IBM Security X-Force Threat Intelligence Report 2022, the most attacked region is the Asia Pacific accounting for approximately 31% of the incidents recorded by Incident Response.

Incidents by regions - zero trust

Figure 1. Incident By Regions 2020-2022. Source IBM X-Force

Further investigations by IBM revealed that Data extortion was the most common attack impact on organizations with phishing being the top initial access vector of compromise identified in 41% of cybersecurity incidents.

Further statistics by Verizon data breach report states that Ransomware attacks have increased by 13% as compared to the last 5 years.

It is quite evident from the above stats that cybersecurity incidents and data breaches won’t stop and will continue to rise at the same frequency as they were previously. To battle against high volume and complex cybersecurity attacks organizations must adopt a proactive approach and utilize security architectures and models like zero trust to mitigate and contain the previously mentioned attacks.

What is Zero Trust?

Zero Trust is a security framework that emphasizes the principle of “never trust, always verify.” It is designed to provide a comprehensive security approach that protects assets and data by ensuring that no user, device, or application is automatically trusted, regardless of whether they are inside or outside the corporate network. Zero Trust operates under the assumption that every access request is potentially malicious and should be thoroughly verified before granting access.

In a nutshell “The Zero Trust” model is built around three core principles:

  1. Identify
  2. Verify
  3. Enforce

The first principle, identify, involves identifying all users, devices, and applications that require access to resources. This involves creating a comprehensive inventory of all assets, including data, applications, and services, and mapping out their relationships with each other.

The second principle, verify, involves thoroughly verifying the identity and security posture of all users, devices, and applications before granting access. This involves implementing strong authentication mechanisms, such as multi-factor authentication (MFA) and continuously monitoring all access requests for signs of suspicious activity.

The third principle, enforce, involves enforcing strict access control policies that limit access to resources based on the user’s role, location, and device posture. This involves implementing granular access control policies and micro-segmentation to ensure that each user only has access to the resources they need to perform their job, and nothing more.

Zero Trust is not a single product or solution, but rather a comprehensive security framework that incorporates a range of security measures, such as encryption, network segmentation, and continuous monitoring. It also involves a cultural shift towards a security-centric mindset, where security is seen as a fundamental component of business operations, rather than an afterthought. Zero Trust Architectures are well-suitable and effective for environments that come under the hood of critical infrastructures due to their IT/OT integrations.

Challenges faced by organizations to adopt Zero Trust Model

For more than a decade, the idea of a Zero Trust security architecture has been around but the pace of adopting it has not seen an exponential increase over the past few years. Many organizations lack basic cybersecurity hygiene due to which sooner or later they suffer from an inevitable loss in terms of monetary and reputation.

Let’s demystify and uncover the challenges and the reasons why organizations are still hesitant and delaying adopting the zero trust model despite increasing cybersecurity attacks.

Why do companies delay Zero Trust?

Despite the clear benefits of Zero Trust, many companies delay its implementation for various reasons. One of the primary reasons is the perception that Zero Trust is too complex and time-consuming to implement. Companies may also be hesitant to implement Zero Trust due to the potential disruption to business operations and the need for significant changes to existing security policies and procedures. Additionally, some companies may feel that their existing security measures are adequate, or they may underestimate the severity of cyber threats.

Some of the pertinent challenges faced by organizations to implement zero-trust architectures are discussed below:

  • Complexity: One of the primary challenges of implementing Zero Trust architecture is its complexity. Zero Trust requires an extensive and integrated system of security controls, which is time-consuming and resource intensive. The architecture must be customized to fit each organization’s unique infrastructure, which can add a layer of complexity. The complexity part is typically decreased if the organization has clearly defined trust boundaries for traffic inflows and outflows, their critical assets are identified and a holistic approach towards security is being adopted by intensive information security programs.
  • Cost: Another significant challenge is the cost of implementing Zero Trust architecture. The architecture requires the integration of several security solutions such as firewalls, intrusion detection systems, and multifactor authentication tools, which can be expensive. On the other hand, the cost also increases if an organization has to replace legacy systems with new ones. Organizations must also allocate sufficient resources to maintain and upgrade the architecture.
  • Lack of skilled personnel: Zero Trust architecture requires skilled IT personnel who are experienced in cybersecurity practices. Unfortunately, there is a shortage of cybersecurity professionals, making it challenging for organizations to find the right people to implement and maintain the architecture. Often sometimes the internal controls, processes, and policies are too vague or hard to understand and the relevant teams lose their actual objective to protect and implement the desired security controls.
  • Culture: Zero Trust architecture requires a significant shift in an organization’s security culture. The architecture requires all users to adopt new security practices and mindsets, which can be challenging to achieve. Organizations must provide extensive training and awareness programs to ensure that employees are equipped with the necessary skills to implement and maintain Zero Trust.
  • Perception of low risk: Many organizations perceive themselves as low-risk targets for cyber-attacks, leading to a lack of urgency in implementing Zero Trust architecture. This perception often results from a lack of understanding of the potential risks and impacts of a cyber-attack, leading to inadequate investments in cybersecurity solutions.

The risks of delaying Zero Trust

Delaying the implementation of Zero Trust can have severe consequences for companies. With cyber threats becoming increasingly sophisticated and frequent, companies that rely on traditional security measures are at greater risk of security breaches. Hackers can exploit vulnerabilities in the network and gain unauthorized access to sensitive data, resulting in significant financial losses, reputational damage, and legal liabilities.

The consequences of a security breach can be devastating for companies, both in the short and long term. In addition to financial losses, companies may face legal action, regulatory fines, and damage to their reputation, which can have long-lasting effects on their business operations.

Implementing Zero Trust can be a challenging process, but the benefits far outweigh the challenges. Zero Trust provides a comprehensive security approach that ensures the protection of assets and data, regardless of the location or user. By implementing Zero Trust, companies can reduce the risk of security breaches and improve their overall security posture. Zero Trust can also help companies meet compliance requirements and improve their ability to respond to security incidents.

Conclusion

Organizations must take cybersecurity seriously and adopt advanced security solutions such as Zero Trust architecture to protect their data and resources from cyber-attacks. While the implementation of Zero Trust architecture is complex and comes with its own set of challenges and problems, the benefits of implementing it far outweigh the costs. Organizations must carefully consider the risks and rewards of Zero Trust architecture and implement it in a way that ensures the protection of critical resources and data. By doing so, organizations can build a robust and secure cybersecurity posture that protects them from ever-evolving cyber threats.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

FDA Bans Sale of IoMT Devices That Fail Cybersecurity Requirements

Picture this. You’re at the hospital, hooked up to a medical device meant to help you. Or you’re walking around with this device planted inside you as you go about your day. But little do you know that hackers could potentially access your personal health information stored in that device or maybe even take control of that device altogether. Scary, right?

Sadly, it’s not just a hypothetical situation. Major MedTech companies like BD, Insulet, and Zoll Medical have already reported cybersecurity vulnerabilities in their devices that could compromise sensitive data or patient outcomes.

This is primarily a case of security needing to catch up with technology. Internet-connected medical devices, often called Internet of Medical Things (IoMT), have become a common feature of the healthcare landscape over recent years and provided many benefits. For example, these devices enable proactive healthcare, leading to better patient outcomes and cost savings while empowering patients to receive care at home.

Still, while the capabilities of these devices are rapidly advancing, their security continues to lag. The situation presents new challenges for MedTech companies and Internet of Things (IoT) security professionals.

Now, the Food and Drug Administration (FDA) is stepping in to ensure that medical devices meet specific cybersecurity guidelines. But what exactly are these new rules? And just how dangerous of a situation is medical device hacking? Let’s get into it.

Strengthening Medical Device Cybersecurity: FDA’s New Guidelines

The FDA has issued new cybersecurity guidelines for medical devices in response to growing concerns about cyber threats to internet-connected products used in healthcare settings. These guidelines are part of the $1.7 trillion federal omnibus spending bill signed by President Joe Biden in December.

Under the new requirements, all new medical device applicants must submit a plan on how they will monitor, identify, and address cybersecurity issues and provide “reasonable assurance” that their devices are protected. They must also make security updates and patches available on a regular schedule, including for critical situations. Additionally, applicants need to provide a “software bill of materials” that lists all the software components used in their devices, including open-source software.

These requirements are aimed at preventing breaches by ensuring that medical device makers have plans in place to address cybersecurity vulnerabilities and quickly roll out updates to mitigate risks. The FDA will begin enforcing these requirements on October 1, 2023, to allow device makers sufficient time to comply.

The new law also mandates that the FDA work with the US Cybersecurity and Infrastructure Security Agency (CISA) to update its existing guidance on cybersecurity in medical devices within two years and periodically update it after that. The FDA must also update its online resources within six months of the bill’s enactment to provide up-to-date information on how healthcare providers and device makers can identify and address vulnerabilities and work with federal agencies to strengthen device security.

Additionally, the US Comptroller General has one year to develop a report identifying challenges in cybersecurity for devices and providing suggestions for how government agencies can help minimize these challenges for manufacturers, healthcare providers, and patients.

What IoMT Devices Are Vulnerable to Cyber-Attacks?

One example that highlights the vulnerability of medical devices to cyber attacks is the case of former Vice President Dick Cheney’s heart defibrillator. In 2007, cautious doctors replaced Cheney’s defibrillator and modified it to disable the wireless feature to prevent potential terrorists from sending a signal to the device and causing harm. This incident highlighted the serious risks associated with internet-connected medical devices, as hackers could potentially gain unauthorized access and manipulate the device’s settings, leading to life-threatening consequences.

Other IoMT devices, such as insulin pumps and infusion pumps, are also vulnerable to cyber-attacks. These devices often have wireless connectivity to allow for remote monitoring and adjustments, but this can also create potential entry points for hackers to exploit. For example, a cyber attacker could potentially hack into an insulin pump and administer an incorrect dosage, leading to dangerous fluctuations in blood sugar levels.

The reasons why IoMT devices are vulnerable to cyber-attacks are multifaceted. Many medical devices use outdated or legacy software systems that may not have the latest security patches or updates, making them susceptible to known vulnerabilities. Additionally, manufacturers may prioritize functionality and ease of use over security measures, resulting in inadequate protection against cyber threats.

Moreover, the rapid pace of technological advancements in the healthcare industry can outpace the development of robust cybersecurity measures, leaving IoMT devices vulnerable to emerging threats.

Embracing a Security Mindset

These new FDA rules will give MedTech companies the push to adopt a security-centric mindset. However, that’s not to say that MedTech companies have been burying their head in the sand when it comes to IoT security. In a Deloitte study into the top priorities of medical technology companies, cyber readiness ranked joint-top, beating research and development and global markets.

MedTech companies will likely start implementing robust authentication protocols and stringent access controls across all IoMT devices to ensure patient data can’t fall into the wrong hands. Similarly, strong data encryption is crucial for protecting patient information and preventing unauthorized access. All data transmitted between IoMT devices, as well as data stored on the devices or in the cloud, should be encrypted using robust encryption algorithms.

Regular security audits to identify and address any potential vulnerabilities in IoMT devices will also become far more common. This can include penetration testing, vulnerability scanning, and code reviews to identify and fix potential security flaws.

Lastly, regular updates and patches (as outlined by the FDA) will become the new norm. Essentially, MedTech companies will regularly update medical devices with the latest security patches and firmware updates. This helps to address known vulnerabilities and protect against known exploits.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Using Your Own Tools Against You: The Rise of Living-Off-the-Land (LOTL) Attacks

While some cyber-attacks announce their presence like a blaring siren, others fly quietly under the radar. This presents a significant challenge for network security teams, who are already battling increasingly frequent, sophisticated, and severe attacks.

One cunning technique that has gained considerable traction in recent years is Living-Off-The-Land (LOTL) attacks. Here, threat actors use an organization’s own tools and infrastructure to launch an attack, stealthily moving through the kill chain without the need for bespoke malware.

Alarmingly, these attacks are not only difficult to detect but also highly effective. For example, the Ponemon Institute found that fileless malware attacks (another term for a LOTL attack) are approximately ten times more likely to succeed than file-based attacks.

As LOTL attacks continue to skyrocket in popularity, organizations need to understand how they work and take proactive measures to prevent them. That’s what we’re going to be diving into today.

What Exactly is a Living off the Land (LOTL) Attack?

In a Living off the Land (LOTL) attack, attackers use pre-installed or legitimate tools on the victim’s system, which enables them to blend in with regular user activity and bypass security software.

Despite the term being coined in 2013, recent cybersecurity reports have noted a marked rise in LOTL attacks. But why have cybercriminals suddenly added LOTL attacks to their arsenal? The answer lies in how effectively these attacks bypass traditional security measures.

Instead of using new and sophisticated methods to attack a system, hackers can use tools already installed on a target system, such as PowerShell, Command Prompt, and other admin tools. Since these tools are legitimate and necessary for many everyday computer tasks, it can be difficult for security software to detect malicious activity when these tools are used in a LOTL attack. In other words, LOTL attacks don’t set off warning signals like many other attacks.

One thing that makes LOTL attacks unique is that they don’t leave any files behind. This is why they’re often called fileless malware. With no executable files or malware to detect, many cybersecurity tools simply won’t realize anything suspicious has occurred.

How Do LOTL Attacks Happen?

So, what does a LOTL attack actually look like? LOTL attacks share many of the same hallmarks as other cyberattacks; only they’re far more challenging to detect. Here is an overview of the process:

  1. Initial Access: A hacker gains access to a network through another technique, such as phishing or social engineering. This gives the hacker an initial foothold in the target network.
  2. Reconnaissance: Once inside the network, the hacker begins to gather information about the target systems and network architecture. The goal is to identify vulnerabilities that can be exploited to gain further access and control.
  3. Lateral Movement: The hacker uses the information gathered in the reconnaissance phase to move laterally within the network. The goal is to find and compromise additional systems to establish persistence and gain greater control over the network.
  4. Privilege Escalation: The hacker leverages the compromised systems to escalate privileges and gain access to sensitive data and critical systems.
  5. Malicious Activities: Once the hacker has established a strong foothold in the network, they can carry out a range of malicious activities, including data exfiltration, installing backdoors, creating new tasks on remote machines, identifying configuration settings, and more.
  6. Obfuscation: Throughout the attack, the hacker takes steps to obscure their activity and avoid detection. This can involve using tools like PowerShell or Command Prompt to run malicious code that is obfuscated to evade detection.

The Anatomy of LOTL Attacks

Hackers have a wide range of tools at their disposal to execute a LOTL attack. For example, attackers may use tools such as PowerShell, Windows Management Instrumentation (WMI), and Command Prompt to carry out malicious activities such as reconnaissance, data exfiltration, and lateral movement.

For example, an attacker might use the built-in Windows utility Netsh to create a reverse shell and gain access to a victim’s system. And many other techniques exist. For example, LOTL attacks can also use the Registry Console Tool (reg.exe) to maintain persistence, store settings for malware, and store executables in subkeys. Other commonly used tools in LOTL attacks include Windows Management Instrumentation (WMI), Service Control Manager Configuration Tool (sc.exe), Scheduled Tasks (AT.EXE Process), and Sysinternals such as PSExec.

Notably, LOTL attacks that leverage Remote Desktop Protocol (RDP) connections can be especially tricky for security teams to spot and stop because RDP is a critical service for system administrators.

Identifying which RDP connections are legitimate and which are not is like trying to find a needle in a haystack, especially when administrative credentials are involved. That’s why “known bads” and historical attack data just don’t cut it when it comes to stopping these types of attacks. Instead, a smarter, more comprehensive approach is needed that focuses on detecting anomalous activity in real-time.

LOTL Attacks In Action

Many high-profile cyber attacks in recent years have leveraged LOTL techniques and other tactics to devastating success. Here are some real-world examples:

  1. NotPetya: One of the most destructive cyberattacks in history. It spread rapidly across networks in Ukraine and worldwide, causing billions of dollars in damages. The attackers used legitimate tools like PowerShell and PsExec to execute their malicious code, making it difficult to detect.
  2. Olympic Destroyer: The attackers behind the 2018 Olympic Destroyer attack used a combination of spear-phishing and LOTL techniques to gain access to the Pyeongchang Winter Olympics’ network. They used legitimate administrative tools like PowerShell to carry out their attack, which disrupted the opening ceremony and caused widespread disruption.
  3. TrickBot: This banking Trojan is known for its LOTL capabilities. It uses legitimate Windows tools like PowerShell and Windows Management Instrumentation (WMI) to evade detection and remain persistent on infected machines. TrickBot has been used to steal sensitive information and initiate fraudulent transactions.
  4. Emotet: This malware has been used in various attacks targeting government organizations and private companies. It leverages LOTL techniques like using PowerShell to download and execute additional modules. Once installed, Emotet can steal credentials and spread to other machines on the network.

These are just a few examples of LOTL attacks seen in the wild. As these attacks become more sophisticated, organizations need to be aware of the risks and take steps to bolster their network security. That brings us to the next section – how to safeguard your network from LOTL attacks.

How to Protect Against LOTL Attacks

LOTL attacks may be difficult to detect, but that doesn’t mean network security teams are powerless to act. Companies can adopt several techniques and best practices to protect against Living-Off-The-Land attacks. Let’s look at some of the most effective methods.

Zero Trust and Least Privilege Access

Zero trust is a security model that assumes that every user, device, and application on a network is potentially malicious, and therefore, no one should be trusted by default. It does away with traditional perimeter-based security controls like firewalls and instead focuses on securing every asset on the network.

Zero trust can help prevent LOTL attacks in several ways. For example, imagine an attacker gains access to a user’s credentials through a phishing email. With those credentials, the attacker could log in to the victim’s account and move laterally through the network, looking for valuable data to exfiltrate. However, in a zero-trust environment, the attacker would not automatically be granted access to the network’s sensitive resources. Instead, they would need to pass multiple levels of authentication and authorization before being granted access.

In this scenario, the zero trust approach would require the attacker to authenticate themselves every time they attempt to access a resource, even if they had already authenticated once before. This multi-step authentication process makes it more challenging for attackers to gain access to the network and limits their ability to move laterally.

Furthermore, in a zero-trust environment, organizations can enforce granular access controls based on the principle of least privilege. This means that users and devices are only granted the minimum level of access necessary to complete their tasks. A least-privilege approach helps limit the attack surface, making it more difficult for attackers to access sensitive data or resources.

Some other effective ways of limiting LOTL attacks include:

  1. Self-learning AI technology: Using self-learning AI technology, like machine learning algorithms, can help companies detect and prevent LOTL attacks by continuously analyzing network traffic, identifying abnormal behavior, and automatically taking action to stop potential attacks.
  2. Network segmentation: Breaking down a network into smaller, more manageable segments can limit the spread of malware and prevent attackers from moving laterally within the network.
  3. Multi-factor authentication: Multi-factor authentication (MFA) adds an extra layer of security to user login credentials by requiring users to provide multiple forms of identification, such as a password and a fingerprint scan or facial recognition.
  4. Regular security assessments and testing: Regular security assessments and penetration testing can help identify vulnerabilities in a company’s network and applications, enabling proactive mitigation and prevention.

Final Thoughts

With LOTL attacks rising, organizations must proactively strengthen their network security and lock cyber criminals out. This is especially important because while LOTL attacks share many similarities with other cyberattacks, they are far more challenging to detect. As such, a smarter and more comprehensive approach is needed to detect anomalous activity in real-time to prevent these attacks.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Everything You Need to Know About Certificate-Based Authentication

No ID? No Entry.

Certificate-based authentication is a way for a computer system to verify your identity using a digital certificate instead of a traditional username and password. Think of it like a driver’s license. When you go to a bar or a liquor store, you need to prove that you’re old enough to buy alcohol. The bouncer or cashier checks your ID to make sure it’s really you, and that you’re of legal age. In the same way, when you connect to a secure website or network, your computer presents a digital certificate to prove that you are who you say you are.

This certificate contains a unique code that identifies you and your computer, and it’s signed by a trusted authority like a certificate authority (CA). The CA vouches for your identity, and the website or network can trust that you are who you say you are. So, instead of typing in a username and password, you just present your digital certificate and the system verifies it. It’s a more secure way of authenticating because it’s harder to steal or guess a digital certificate compared to a password.

 

The Secret Handshake

Certificate-based authentication is like having a secret handshake that only you and the system you’re trying to access know. You can think of it as a VIP club, where only the cool kids with the special wristbands can get in. In this case, your digital certificate is your wristband, and the certificate authority is the bouncer at the door.

Now, let’s say you’re trying to sneak into the VIP club without a wristband. You might try to guess the password or use some other sneaky trick to get past the bouncer. But with certificate-based authentication, you can’t cheat your way in. Your digital certificate is unique to you and your computer, and it’s signed by a trusted authority. So, even if someone intercepts your certificate, they won’t be able to use it to gain access to the network.

It’s like having a secret superpower that only you possess. And because it’s harder to steal or guess a digital certificate, certificate-based authentication is like having a bulletproof vest for your network. It’s the most secure way to authenticate because it’s nearly impossible for hackers to break in without your digital certificate. So, if you want to protect your network from the bad guys, certificate-based authentication is the way to go!

 

What’s Stopping You?

Certificate-based authentication can be a bit more complicated to set up and manage than traditional username and password authentication. It requires companies to have their own certificate authority or to purchase certificates from a trusted third-party CA, which can be expensive. And depending on the size of the company, managing all those certificates can be a bit of a headache.

Plus, not all systems and applications support certificate-based authentication, so companies may need to make changes to their infrastructure to enable it. And even if they do make those changes, employees may need to be trained on how to use certificate-based authentication, which can take time and resources.

That being said, many companies are starting to see the benefits of certificate-based authentication, especially for highly sensitive systems and data. It’s a more secure method of authentication that can help prevent cyberattacks and data breaches. So, while it may not be the easiest option, it’s definitely worth considering for companies that take security seriously.

 

Roll it Out Faster

If companies want to speed up the adoption of certificate-based authentication, they need to make it easy and appealing for their employees.

Firstly, they can simplify the process of getting started with certificate-based authentication by providing user-friendly guides and tutorials. They should explain the benefits of certificate-based authentication in a way that’s easy to understand and make it clear how to use it.

Secondly, companies can incentivize employees to use certificate-based authentication by offering rewards such as bonuses, promotions, or recognition for those who make the switch. It’s like getting a gold star for doing well in school, but cooler because it’s for network security!

Thirdly, they can make it a company-wide policy to use certificate-based authentication for all employees. This helps establish a culture of security and demonstrates to employees the importance of protecting sensitive information.

Lastly, companies can invest in training programs and workshops to educate employees on the benefits of certificate-based authentication and how to use it effectively. They can make it fun and interactive, like a game show where employees can win prizes for correctly answering security questions.

By making certificate-based authentication easy, incentivizing its use, establishing it as a policy, and educating employees, companies can accelerate its adoption and improve their network security. It’s all about making security simple and accessible for everyone.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

TikTok Security Concerns in the Workplace

TikTok, the viral social media app centered around short videos and owned by the Chinese company ByteDance, is coming under intense scrutiny. By now, many of us have seen a TikTok video filmed in someone’s workplace—those “day in the life” clips or rants about coworkers, supervisors, or customers. Or you may have seen a video of someone discussing an unrelated subject while sitting at their desk. It’s safe to say that TikTok has found its way into many workplaces, for better or for worse. But the issue goes deeper than catching unsanctioned glimpses into the workplace environment. Many organizations are worried about TikTok itself, the data it gathers, and which hands that data ends up in.

 

Does TikTok Pose a Security Risk to Corporate Networks?

TikTok, like any other social media app, can pose a potential security threat to a corporate network if used by employees. The app may collect personal information and usage data that could be exploited by cybercriminals, and the app’s security protocols could be compromised.

There have been concerns raised about TikTok’s data collection practices, which include tracking user behavior, location, and contacts. Additionally, TikTok’s parent company, ByteDance, is based in China, which has led to concerns about potential government access to user data.

If employees use TikTok on a corporate network, it could potentially compromise the network’s security. Hackers could exploit vulnerabilities in the app to gain access to sensitive corporate data or use the app as a vector to distribute malware to other devices on the network.

To mitigate these risks, companies may choose to restrict or ban the use of TikTok on their corporate networks. They could also implement security protocols and software to monitor and control access to social media apps and other potentially risky applications. Additionally, it’s essential to educate employees about the potential risks associated with using social media apps on company devices and networks.

 

TikTok Security Concerns Are Mounting

Many states have growing TikTok security concerns. These concerns have led 18 Republican-led states to ban the use of the app on government devices. Federal agencies also bar staffers from using TikTok on their government phones and devices, including the Pentagon, the State Department, and the Transportation Security Agency.

Moreover, Europe is taking a similar approach to TikTok risk, with the European Parliament banning the app on staff phones. This move came just one day after the White House gave federal agencies 30 days to remove TikTok from all government devices. Canada has also followed suit, banning TikTok from government devices over security concerns.

But what TikTok security concerns are at play here? More generally, officials believe that the app could collect sensitive data from users, which the Chinese government may then access. In addition, they’re equally worried that the app may pose a threat to network security and endpoint security. For example, could the app be used to access sensitive information on government devices or to infiltrate government networks (an attack vector)?

The concern here stems from a lack of trust in ByteDance and fears over how much access and control Beijing has over the company and, subsequently, the app. ByteDance denies allegations that the Chinese government is involved in its operations, but these denials are largely falling on deaf ears.

 

Assessing the Seriousness of the Risk

There have been some reports of cybersecurity incidents involving TikTok, but it’s not clear if any companies have specifically experienced a cyber attack involving the app.

For example, in 2020, TikTok was found to be accessing users’ clipboards on iOS devices, which raised concerns about the app’s data collection practices. However, there have been no reports of TikTok being used as a vector for a cyber attack specifically targeting a corporate network.

That being said, it’s important to note that the threat landscape is constantly evolving, and new threats can emerge at any time. Companies should remain vigilant and take steps to mitigate potential risks associated with the use of social media apps on their networks, including TikTok.

 

TikTok Security Strategies Are Evolving

Government agencies banning TikTok is noteworthy, but what does it mean for everyone else? Some argue that governments are being a little paranoid, especially in assessing TikTok’s risk to endpoint security and network security. Still, others argue that governments have a duty to take stringent security measures regarding government data and systems.

But what should private companies do? First, it’s important to note that TikTok poses other significant concerns. For example, employees may unintentionally share confidential company information by filming a video with visible employee screens. They may also give the company a bad reputation by sharing negative stories about the workplace on the platform.

The less popular app BeReal is also coming under scrutiny for similar reasons. BeReal takes a less sensationalist approach than TikTok (it has no filters, hashtags, or followers) and is aimed at users showing an unfiltered view of their everyday life. Since this app requires you to be someone’s friend before you view their BeReal, it may create a false sense of security where users feel less inclined to censor confidential information.

Companies will have to determine their own risk tolerance, but it’s telling that organizations most focused on cybersecurity believe that TikTok is a significant security risk. More widely, companies should update their social media policies to define whether TikTok is allowed on company devices and how (and if) its use is sanctioned in the workplace – don’t leave your security up to chance!

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×