Cyber security has always been a challenge over the Cyber security Risk is increasing, driven by global connectivity. Cybersecurity’s importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now posted to the public on our social media accounts. Sensitive information like social security numbers, credit card information and bank account details are now stored in cloud storage services like Dropbox or Google Drive. The fact of the matter is whether you are an individual, small business or large multinational, you rely on computer systems every day.
Are you talking about cryptography?
I am pedantic with my word specially when it comes to crypto. Because it’ll help everyone understand if the system is designed correctly.
Here are some examples.
“We will encrypt the data with the key.” My response is “which key?”
“We encrypt the certificate.” My ask is, “You encrypt the cert or the private key associated with the certificate? Because there’s no need to encrypt the certificate.”
Or, my favorite when there’s a hierarchy of keys, “We will rotate the key every two years.” My ask is again, “Which key?” Rotating a key encryption key (KEK) is easy, but rotating the data encryption key(s) (DEK) is hard when you have millions of rows of data. But that’s a discussion for another day.
I could keep going, but these are some common comments I hear via MSFT forums, security researcher.
So please be specific when talking about cryptography, especially keys! #security #datasecurity
Mobile Security
Mobile phones are one of the most at-risk devices for cyber attacks and the threat is only growing. Device loss is the top concern among cyber security experts. Leaving our phones at a restaurant or in the back of a rideshare can prove dangerous. Luckily, there are tools that lock all use of mobile phones (or enact multi-factor passwords) if this incident occurs. To combat mobile apps that request too many privileges, introduce Trojan viruses or leak personal information, experts turn to cybersecurity tools that will alert or altogether block suspicious activity.
Types of Cyber Threats
Cybersecurity refers to the practice of ensuring the integrity, confidentiality, and availability (ICA) of information. Cybersecurity consists of an evolving set of tools, risk management approaches, technologies, training, and best practices designed to protect networks, devices, programs, and data from attacks or unauthorized access.
The threats countered by cyber-security are three-fold:
- Cybercrime includes single actors or groups targeting systems for financial gain or to cause
- Cyber-attack often involves politically motivated information gathering.
- Cyberterrorism is intended to undermine electronic systems to cause panic or fear.
Are We Stuck With the Four-Box Problem?
I don’t think so. CloudOps will likely add more traditional security functions, like incident response, making all things related to cloud infrastructure management centralized under one independent function.
That would be a big change — like a mini-cloud SOC within CloudOps.
With such a change, we might see the problem knock back down to only two or three teams involved in security. If a CloudOps team manages all cloud infrastructure security, as well as the overall agility and orchestration, they may only work with developers through a ticketing system to fix specific code issues. A modification would be Three Boxes for CloudOps, Developers, and DevOps if runtime and CI/CD pipeline management remain separate.
This constant evolution of org structure and security responsibility makes it tough to effectively staff a security team or design a workable security stack.
My advice for all the security folks out there: Learn something about cloud environments. There’s no going back from digital transformation, and you will be best suited if you can secure cloud infrastructure. The need for security isn’t going anywhere — it’s increasing. Developers, DevOps, and CloudOps all need the security person’s mindset to work within their org structure and ensure business data remains secure.
Few types of phishing posts – while they seem actually reveal crucial information about you that “unsavory” people can use to steal your identity. Example, if you have a myuid account, you would be aware of several “secret” questions that have to be answered to access your account and details.
If you look at the posts here and then compare with the questions, you’ll understand they are identical in many cases. Answer 2 or 3 of them and you’ve given away your Father’s name/maiden name, your pet’s name, your middle name, your first car and/or the street you grew up in.
Please be alert about what you answer on social media posts, or in the public domain, which might seem like harmless fun, but isn’t!
#cybersecurity #phishingscams
AppSecurity & Cyber Security 