Hub Security’s Chief Product Officer Ido Helshtock joined OurCrowd’s Cyber Security webinar to discuss working remotely and secure access at current times.
More data and applications than ever have moved to the cloud creating unique infosecurity challenges for both cloud providers and cloud customers alike. Cloud data storage security has forced today’s cybercriminals to invent new ways to circumvent today’s cyber solutions in order to gain access to the sensitive data of millions of businesses and individuals.
Seagate® Technology, a world leader in data storage and management solutions, opened its Lyve™ Labs Israel initiative in February. Its mission? To form partnerships with businesses in order to enable innovations by providing simple, secure, and efficient ways to work with exabytes of data.
The initiative empowers the seamless movement of data, optimizing its business value both in flight and at rest. “The reason Seagate created Lyve Labs is because we understand that innovation cannot happen in silos,” said Seagate’s CEO Dr. Dave Mosley. “Innovation is a work of collaboration. The innovators at Lyve Labs are indebted to other innovators. In turn—drawing on over 40 years of Seagate’s experience as a global leader in data storage and management solutions—we want to help enable innovations that use data for the good of humanity.”
Watch Erez Baum, Seagate Lyve Labs Israel senior director, and Eyal Moshe, Hub Security CEO, discuss how global companies can partner and collaborate on cloud, data and security.
The startups partnering with Lyve Labs Israel take on data challenges that tackle real-world problems, such as disaster management and cloud security. One such startup is Tel-Aviv based cybersecurity firm Hub Security, which has partnered with Seagate® Technology as part of its new initiative to explore ways to create safe and secure data management solutions.
With the explosion of distributed ledger technology (DLT) as a safe and secure solution for transparently handling and sharing information across organizations, many businesses are jumping on the DLT bandwagon. Proponents of the distributed ledger technology known as blockchain consider it to be one of the best ways to secure transactions.
But while blockchains have many desirable features, such as transaction efficiency, there are still other conditions and requirements to consider when leveraging blockchain technology for business. The publication of DTCC’s most recent paper on the matter outlines key risks associated with the use of the nascent technology and an acknowledgment of the many security risks still associated with its use for both small businesses and enterprises alike.
“With the adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC.
With hundreds of new blockchain-based products released each year, many of today’s development teams don’t consider the security risks associated with the use of DLT early enough on in the project development cycle. Infosec usually isn’t on every founder’s mind when they start projects, especially when it comes to pilots. Once things are in the air, often they are forced to take a few steps back once they realize they hadn’t considered security performance and infrastructure from the get-go. Interestingly, the same is often true for blockchain vendors who are in a rush to get their products deployed.
The fact of the matter is, most don’t consider that not all blockchains are created equal. It’s important for businesses to be aware of this when evaluating whether the technology they’ve chosen will have the proper security measures they require –– both internal and regulatory.
For fintech solutions looking to meet security regulation standards, opting for a simple cloud-based solution can often do more harm than good. Trusting cloud providers can be risky business –– or better yet, a major risk for your business. However you choose to look at it, while many cloud providers promise to keep highly sensitive data secure, many also fail to do so, as the WSJ’s recent Cloud Hopper investigation revealed.
When establishing a private blockchain, businesses must consider the best platform for deployment. While blockchain has inherent properties that provide security, known vulnerabilities in any infrastructure can be manipulated by those looking to get their hands on your or your customers’ data.
Ideally, you should have an infrastructure with integrated security that can:
Considering these capabilities before developing your DLT-based solution will ensure your blockchain network has the added protection it needs to prevent attacks from both within and without.
More data and applications than ever are moving to the cloud, creating unique infosecurity challenges for both cloud providers and cloud customers alike. In this article, we outline the top 5 security threats organizations face when using cloud services.
With all the cyber threats that exist today, banks are more vulnerable than ever to becoming the next victim of a malicious cyberattack. With the growing list of fintech solutions offered in banking and the most recent Cloud Hopper investigation released by WSJ, 2019 was an early indicator of cyberthreats still to come in the year ahead.
According to a new report released by the Federal Reserve Bank of New York, just a single cyberattack targeting one of the largest U.S. banks would likely have a major ripple effect on the global financial system. Even today, with a growing awareness of the cyber-risks involved in a banking sector driven by technology, there’s a greater risk facing banks than ever before.
With all this in mind, here are the top five cyber risks every financial institution should be prepared to defend against in 2020.
Credential stuffing is a type of cyberattack that usually targets the personal data of banking customers. Using stolen account credentials, hackers can gain unauthorized access to user accounts using automated large-scale login requests. The stolen information can then be used to bombard websites and servers in order to try to gain access to critical IT infrastructure. This practice is known as credential stuffing.
Lists of keys and logins are often obtained via the dark web and allow hackers to save lots of time by avoiding the need to play the password guessing game.
“There is an automated process where the hacker can log thousands to millions of breached passwords and usernames using standard web automation tools,” says Brian Brannon, VP of security product strategy for Safe Systems, an IT security firm that works with community and small banks.
Credential stuffing differs from a brute force attack because in credential stuffing operations attackers are often using usernames and passwords that are known to have been good at some point or another. For banks, credential stuffing is an emerging and credible threat that will only get worse as the number of data breaches increases.
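The difference between credential stuffing and brute force described above is visible in authentication logs: stuffing shows one source failing against many different usernames with only one or two attempts each, while brute force shows many attempts against the same username. The following detection sketch is an added example, not part of the original article; the log format, thresholds, function names and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions); tune them against real login traffic.
WINDOW = timedelta(minutes=5)   # sliding window per source IP
MIN_FAILURES = 10               # ignore sources with fewer failures than this
STUFFING_MIN_USERS = 8          # many distinct usernames from one source
STUFFING_MAX_AVG = 2.0          # ...with very few attempts per username
BRUTE_MIN_PER_USER = 8          # many attempts against a single username


def parse(line):
    """Parse 'ISO-timestamp source-ip username OK|FAIL' (constructed format)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "FAIL"


def classify_sources(lines):
    """Return {source_ip: 'credential_stuffing' | 'brute_force' | 'normal'}."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, failed = parse(line)
        by_ip[ip].append((ts, user, failed))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        verdicts[ip] = "normal"
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            fails = defaultdict(int)          # failed attempts per username
            for _, user, failed in events[start:end + 1]:
                if failed:
                    fails[user] += 1
            total = sum(fails.values())
            if total < MIN_FAILURES:
                continue
            if len(fails) >= STUFFING_MIN_USERS and total / len(fails) <= STUFFING_MAX_AVG:
                verdicts[ip] = "credential_stuffing"
                break
            if max(fails.values()) >= BRUTE_MIN_PER_USER:
                verdicts[ip] = "brute_force"
                break
    return verdicts


def accounts_to_review(lines, verdicts):
    """Usernames that logged in successfully from a stuffing source."""
    hits = set()
    for line in lines:
        _, ip, user, failed = parse(line)
        if not failed and verdicts.get(ip) == "credential_stuffing":
            hits.add(user)
    return sorted(hits)


def sample_log():
    """Constructed events; the IPs are documentation-range addresses."""
    base, lines = datetime(2020, 1, 15, 9, 0, 0), []
    for i in range(12):   # 12 usernames, one try each, one success
        result = "OK" if i == 7 else "FAIL"
        lines.append(f"{(base + timedelta(seconds=2 * i)).isoformat()} 203.0.113.7 user{i:02d} {result}")
    for i in range(12):   # 12 failed tries against one account
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} 198.51.100.9 alice FAIL")
    for i, result in enumerate(["FAIL", "FAIL", "OK"]):   # a customer mistyping
        lines.append(f"{(base + timedelta(seconds=20 * i)).isoformat()} 192.0.2.44 bob {result}")
    return lines


if __name__ == "__main__":
    log = sample_log()
    verdicts = classify_sources(log)
    print(verdicts, accounts_to_review(log, verdicts))
```

A successful login from a source flagged as stuffing is the event that matters most to a bank: that account's password was valid in the stolen list and should be reset.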
Cloud services come in very useful by helping banks offset IT expenses, boost system uptime and ensure their data is being stored safely. But the promises of the cloud have come with a few hard-earned lessons when it comes to customer data and security.
With so much information stored on the cloud, particularly for the use of public services, cloud providers have become easy targets for malicious attackers looking to gain access to financial institutions. To get a clearer picture of the problem, consider that over 1.4 billion records were lost to data breaches in March 2017 alone –– many of which involved cloud servers.
With the Wall Street Journal’s recent release of their investigation into the global hacking campaign known only as ‘Cloud Hopper,’ the true depth of the risks associated with compromised cloud data couldn’t be more evident, or alarming.
For the Cloud Hopper attack, hackers known as APT10 gained access to cloud service providers, where companies believed their data was being safely stored and protected. Once in, the hackers freely and anonymously hopped from client to client, evading investigators’ attempts to eliminate them for years.
According to WSJ, the attack went far beyond the 14 companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group Inc., Tieto Oyj, and International Business Machines Corp.
To make things worse, investigators said many major cloud companies stonewalled clients as to what was happening inside their networks. Contrary to what many bank executives might think, the sole responsibility for protecting corporate data in the cloud lies with the cloud customer, not the service provider. Hence, no cloud provider is legally or contractually obligated to ensure the safety of customer data –– as much as they may promise to do so.
Phishing is a common type of cyberattack that’s often used to steal user data, including login credentials and credit card numbers. But lately, there’s been an increase in phishing attacks targeting bank employees. Phishing occurs when an attacker tricks an unsuspecting victim into opening a malicious link, leading to an installation of malware which then freezes the system as part of a ransomware attack.
An attack can have devastating results on a business –– especially a financial institution like a bank. Phishing can be used to gain a foothold in a network as a part of a larger attack like an advanced persistent threat (APT) event. In this scenario, an employee is compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.
With access to an employee’s email account, cybercriminals can read a bank’s sensitive information, send emails on the bank’s behalf, hack into the employee’s bank accounts, and gain access to internal documents and customer financial information. This can result in millions of dollars worth of damage in both financial and reputational risks for the institution and its employees.
Ransomware is a type of malware that encrypts data, making it impossible for the owners of that data to access it unless they pay a hefty fee. In March 2017, the WannaCry virus spread independently through the networks of unpatched Microsoft Windows devices, leaving thousands of computers infected and making off with a total of 327 payments totaling $130,700.
Although ransomware costs businesses more than $75 billion per year in damages (Datto), it still remains one of the most common forms of cyberattack. Banks remain top targets for ransomware attacks, as cybercriminals follow the money for big payoffs. According to a Kaspersky Labs report, cybersecurity statistics show attacks were launched from within more than 190 countries, with financial services the second most targeted industry after healthcare.
Successful ransomware attacks, especially on smaller banks, are the result of a lack of IT resources, outdated security tech and protocols, and inadequate endpoint cyber-protection. To help protect themselves against ransomware, financial institutions should place many uniquely-tailored protection layers throughout their networks –– each one acting as an obstacle to block malicious software attacks.
While a majority of exploitation attempts stem from software vulnerabilities, they can just as easily begin from vulnerable pieces of hardware. Anything from an employee device to a router connected to an unsecured network can put an entire organization’s digital infrastructure at risk.
For many CISOs, this may sound like preaching to the choir –– but unbeknownst to many is how easily exploitable their IoT devices are, since they’re often not required to have the same level of security scrutiny as computers. Unsecured IoT devices, such as home routers, printers, and IP cameras, are all vulnerable to attack.
As institutions continue to connect more gadgetry to the internet, the number of potential security weaknesses on their networks is also likely to increase. To breach a financial institution, attackers will target insecure devices to create a pathway to other systems. Once they have an entryway from an IoT device, they have full access to the entire network, including all customer data.
Today’s hackers also have the unfavorable ability to easily exploit a bank’s API system since many legacy APIs weren’t designed with the cloud in mind. This leaves many systems vulnerable from the get-go –– and open banking has just been making the problem worse.
If after reading this article, you’re starting to doubt the security of your organization’s IT structure, know you’re not alone. Here are just a few methods you can adopt in order to create a more safe and secure digital landscape and defend against potential cyberthreats.
Regularly review your cloud infrastructure to ensure it’s up to date. Assess your cloud security’s current state compared to security benchmarks, best practices and compliance standards.
Use a vulnerability management tool to help you automate threat detection and protect against potential threats before they become a problem.
By only providing access permissions to employees who require it, you’re ensuring your organization is well-protected from within –– especially if you employ contractors or part-time workers.
Having a plan in place helps you avoid data loss and allows you to minimize downtime after a disruption. This only works if you back up your data regularly and often.
Encrypting your data cryptographically, and protecting the cryptographic keys to that kingdom, ensures your most sensitive digital assets are always protected –– even if your IT structure is critically compromised.
Ernst & Young (EY) launched its token and smart contract review service. The tool will allow companies and individuals to evaluate smart contracts and tokens for known security risks.
Our December Newsletter is live! Subscribe to follow our product, updates, events and cyber security news.
Here are the highlights:
Blockchain & Key Management: Trending
With increasing movement towards blockchain platforms by banks and financial institutions, there is a rise in key management hacking. The Hub Security team weighs in:
Tamper Proof HSM – New Video!
Our latest product video is live! Watch our new self-destructing chip go up in flames when there is an attempt to tamper with it.
HUB’s APAC Team @ CyberTech Tokyo
Our APAC team, along with CEO Eyal Moshe, exhibited at CyberTech Tokyo, a great event and venue to meet new & existing clients. The energy on the floor was palpable as this space continues to heat up.
Meet us at CyberTech Tel-Aviv in Jan 2020!
Wyoming announced last month it may be the first state to make ‘blockchain banks’ a thing. If this sounds strange to you –– it’s because legally and conceptually it is. To date, hundreds of cryptocurrencies have roamed the blockchain network unchecked and unregulated.
When blockchain technology first emerged, many thought cryptocurrencies would change everything –– from how we make purchases to how we invest. But institutional investors need more than a cryptocurrency ledger to satisfy regulators that they can protect customers’ assets.
Now Wyoming is looking to change all that with the introduction of Bill H.R. 2144 (116) to the Wyoming State Legislature. Announced November 11th, the Bill outlines a path to legalization of SPDIs –– legally known as “special purpose depository institutions” –– which would serve businesses unable to secure FDIC-insured banking services due to their dealings with cryptocurrency.
Since February, a number of important bills were passed in Wyoming aimed at building the infrastructure for what will soon become the most crypto-friendly state in the US. In January, Wyoming’s Senate passed a bill allowing for cryptocurrencies to be recognized as money, and the same month passed another bill defining certain open blockchain tokens as intangible personal property. It’s even rumored that five new “blockchain banks” could bring as much as $20 billion in assets into Wyoming by 2020.
The rapid innovation of blockchain technology and the growing use of virtual currency and digital assets has resulted in many blockchain innovators being unable to access secure banking services. These kinds of bureaucratic legislative hiccups continue to stall the development of blockchain services and products in marketplaces the world over.
Now that’s all about to change, with Wyoming of all states leading the way to a more secure crypto future. With the newfound legal foundations for crypto-based products in place, young companies will now be left to face their next big challenge: protecting their customers’ digital assets from digital threats.
As long as innovators continue to use blockchain, legislators will need to keep pace with the rapid advancement of such technologies –– or lose out on the opportunity to provide the much-needed legal infrastructure for what is still known as the ‘wild west’ era of blockchain technology.
As the financial industry begins its long-awaited move to adaptive blockchain technology, many banks are becoming increasingly open to the use of crypto-based solutions for digitizing assets. It’s no secret the future of banking is digital for many financial institutions looking to modernize their product offerings. It even appears likely we’re headed toward an era of national digital currencies backed by central banks. Hats off to Mike Orcutt.
But HSBC’s decision to be the first financial institution to move $20 billion worth of assets to a blockchain platform is possibly enormously rewarding –– or risky. While the future of blockchain-based platforms such as HSBC’s Digital Vault looks promising, security experts voice growing concerns over the management of such large amounts of digital assets.
While the rise in usage of blockchain technology has made financial asset management more transparent and accessible, the crypto world has seen its fair share of threats over the past decade. From Binance to Bitpoint to Quadriga’s wild story, the industry’s shift in reliance on the blockchain has its own perils.
Blockchains are particularly attractive to hackers since, once they gain access to the private keys, it’s game over, and fraudulent transactions are very difficult to reverse (if at all). While blockchains have unique security features, they also have their unique vulnerabilities. As banks expand their digital solutions, they will continue to face ongoing threats to their blockchain infrastructure. As long as vulnerabilities such as these exist, banks must learn to embrace innovative solutions that can keep their most sensitive assets secure.
Today we know that marketing tactics which branded blockchain technology as unhackable were simply misleading –– and wrong. In total, since the beginning of 2017, hackers have stolen nearly $2 billion worth of cryptocurrency, mostly from exchanges, and that’s just what’s revealed publicly. Contrary to popular belief, these attackers aren’t just lone opportunists either; they’re sophisticated cybercrime organizations. According to Chainalysis, just two of these groups, both of which are still active today, have stolen a combined $1 billion from exchanges.
Whether the future of banking relies on the blockchain or paper-tracking is still up for debate. But if history teaches us anything, it’s that we’re still not out of the woods when it comes to protecting our most sensitive piece of data. Even if we’re HSBC.
We wrote earlier this week about key management, and how today’s solutions fail the little guy. On top of their high price points, inaccessible installation and overly complex management –– today’s cyber solutions from giants like Amazon, Microsoft and Google often fall short for mid-tier companies. Which doesn’t really make them solutions at all. As Biggie would say, just mo’ problems. For many 2nd and 3rd tier players, what they really need is pretty straightforward: a simple, affordable way to protect their most valuable digital assets.
In the (really) tiny corner of the world that is key management, most products out there are designed as one-size-fits-all solutions. Like those pants you bought on Alibaba, there’s just no guarantee they will fit. Maybe your hips are a bit wider, your legs a bit longer –– whatever it is, they were obviously not designed for you. So why wear them?
Without coming down too hard on big retail, my point is: you still need pants. That’s kind of what it’s like for most mid-tier companies. Except in this scenario, many of these businesses are also losing out on a ton of money in lost profitability. With products they can’t protect without losing an arm and a department, they sit unused –– a lost revenue stream that won’t ever see the light of day.
It’s almost revolutionary to think that a solution should be simpler. Like when Steve Jobs packed over 10,000 mp3 files into a handheld iPod Mini. It killed the Walkman. And that’s what our team at Hub Security has set out to do: be revolutionary. We’ve built a solution that is accessible, affordable and adaptable to any-sized business.
With the HUB platform, administrators can define customer policies and permissions and custom build an internal key management system that works for them. Like Lego pieces, HUB’s platform is built to grow at scale –– developing with you, as you develop your business. See? Like I said, revolutionary. With a low barrier to entry, a relatively low price point and 24/7 support, first-tier cloud providers have nothing on us.