Three Industries that Must Raise the Bar in Encryption for Their Own Protection
One of the easiest predictions regarding network security issues for 2014 and beyond is that the scale of cyber attacks will increase. In light of the recent release of the network security framework by the National Institute of Standards and Technology (NIST) which highlighted security concerns for 16 industrial sectors, here are three industries that must raise the bar in encryption immediately.
* Healthcare – The problematic launch of the Affordable Care Act provided a glimpse of the potential for havoc related to private patient information, but the real security risks in this sector are centered on the growing number of patients in the system and the increasing rewards presented by successful intrusions. Statistically speaking, the most common data targets in healthcare-related cyber intrusions are payment information, medical histories and insurance records. As if the potential for cyber attacks isn’t enough, additional motivation for upgraded data encryption is arriving in the form of an increase in HIPAA-related audits in 2014.
* The financial sector – The customers of financial service firms can see their banking information fall into the hands of hackers via network intrusions, illicit card swipers, information left on mobile devices, etc. While there are security standards in place, such as PCI DSS, the recent slew of high-profile breaches indicates that hackers have upped their game enough to work around elemental security measures.
* Utilities – One of the biggest challenges related to network security and the need to encrypt data is the general mindset in the sector. According to recent studies, three-quarters of the providers in this sector have experienced network intrusions in the last year but there is still a tangible neglect of major security issues in approximately two-thirds of the same organizations. While the lack of urgency toward improving network security may be related to either the expense of upgrading systems or the perception that utilities aren’t primary targets, the successful shutdown of an already fragile electrical grid, for example, could result in rapidly escalating costs rivaling or exceeding the largest financial breaches.
As hacking capabilities increase, so too does the level of damage that can be incurred by successful intrusions. As the stakes get steadily higher, these industrial sectors will have to raise the bar in their encryption efforts, or risk potentially devastating losses.
Has the NSA Cracked SSL Encryption?
When the New York Times published an article in early September 2013 that hinted at the NSA’s newfound ability to crack Secure Sockets Layer (SSL) encryption codes, the first reaction by many industry watchers was that the agency had achieved open access to online activities ranging from sending and receiving emails to making purchases on Amazon. In the weeks following the article’s release, however, the analysis of “circumstantial” evidence and other NSA activities has led industry experts to question whether the agency has actually decoded the algorithms used for SSL encryption or is using other methodologies for access.
These possible methodologies include:
* Using networks of computers to target specific users and running calculations until a specific code is broken. The successes of these types of attacks are currently assumed to be limited to weaker codes.
* Hacking to get specific algorithmic keys that are used for encryption
* Using legal means, coercion, or intimidation to gain access to encryption keys used by companies that provide internet services
Of the methodologies for gaining access, the use of the threat of legal action is one area that can’t be fortified due to the fact that many smaller companies simply don’t have the resources for lengthy and/or complex court battles. At the same time, leaked documents have revealed that larger internet companies have been cooperating with the NSA regarding access since 2007. Whether that access included the provision of encryption keys is still up for debate.
Prior to the headline-grabbing NSA revelations, the Certification Authority/Browser Forum, which sets guidelines that govern SSL protocols, had already mandated that customers with 1024-bit SSL certificates migrate to the new standard of 2048-bit RSA/DSA by the end of 2013 due to concerns that the existing shorter codes had become vulnerable to quantum computing attacks. This change will raise the algorithmic complexity of encryption codes, which will make brute-force computing attacks less effective. The question remains, however, whether the NSA will be able to exploit the human aspect of the equation to reach their objectives.
California proposes mandatory kill-switch on phones and tablets
Politicians and law enforcement officials in California will introduce a bill on Friday that requires all smartphones and tablet PCs sold in the state be equipped with a digital “kill-switch” that would make the devices useless if stolen.
Datacenter Relocation & Migration
There are many reasons a business or datacenter might need to relocate, and datacenter relocation can be costly and difficult. Mergers, acquisitions or exploding market success are just a few of the many reasons you might be considering datacenter migration. You depend on your IT infrastructure to drive your critical business operations. Datacenter relocation will likely be one of the most critical and difficult tasks your company can take on.
Partner with established experts who will create a comprehensive plan. At DCI, our team of certified project managers and engineers offer end-to-end relocation services that save time, reduce expense and minimize risk exposure.
Motorola stunned us a few months ago when it announced plans to develop a modular smartphone through a collaboration called Project Ara, but we’ve yet to see even a prototype of the device. Here at CES, ZTE is showing off its own modular phone concept, named the Eco-Mobius. The model on display is locked behind glass, and try as we did, representatives would not remove it from its tomb for a close look. But the concept shows how users could replace the camera, battery, display, and “core” modules. The core includes separate modules for the processor, RAM, storage, and graphics processor.