President Biden Launches New National Cybersecurity Strategy 

Cyber Security, Internet, Joe Biden, National Cybersecurity Strategy, Ophtek, Safety, , , ,
04
May 2023

At the start of March 2023, a new National Cybersecurity Strategy was launched by the Biden administration. And it promises big things. 

The previous National Cybersecurity Strategy was released by the Trump administration in 2018. However, since then, the world and the internet has changed significantly. An updated strategy makes sense. But what exactly does it seek to change about the way in which we access and navigate our way through the internet? Well, for one thing, it starts by stating that the Biden administration will be investing $65 million in order to provide every American with access to high-speed internet. 

In terms of cybersecurity, however, the 2023 strategy tackles a much broader range of problems

The Ins and Outs of the 2023 National Cybersecurity Strategy 

The paper which outlines the 2023 National Cybersecurity Strategy is 35 pages long. It’s also a complex read. But this doesn’t mean the main takeaways are exclusive to high-level IT experts. This is why we’ve decided to help you by breaking down the five pillars that the paper covers: 

  1. One of the major priorities of the 2023 strategy is to secure our critical infrastructures. This means that essential systems and networks – such as energy grids and water supply systems – are at risk from cyberattacks. And, just imagine, if a group of threat actors disrupted power supplies, it would result in a major catastrophe. Therefore, the Biden administration is aiming to foster collaboration between government agencies and other stakeholders to identify and protect against any vulnerabilities. 
  1. Strengthening our cyber defenses and disrupting threat actors has been identified as a major area for the 2023 strategy to cover. This involves developing strong cybersecurity policies, ones which can quickly detect and respond to cyber-attacks. Once developed, these policies need to be implemented as seamlessly as possible to protect our networks. Naturally, investment in technology and skilled staff will feature heavily in the success of this second pillar. 
  1. The third pillar of the new National Cybersecurity Strategy seeks to make market forces drive security and resilience. This means that companies which own personal data will be expected to develop more secure storage systems, and existing laws will be updated to protect users against the risk of software vulnerabilities. The aim of this pillar is to ensure that developers need to foster higher standards of care. The result will be a safer digital landscape. 
  1. Investment is crucial in any area seeking to make improvements, and the internet always needs improvements. Accordingly, the Biden administration is seeking to improve three key areas: computing technology, clean energy technology and biotechnology/biomanufacturing. This pillar is also concerned with strengthening the US cyber workforce through enhanced education and digital awareness. 
  1. The final pillar in the 2023 strategy focusses on the importance of international partnerships to pursue shared goals. After all, the US alone cannot stop the rise of cybercrime. Common threats need to be addressed by sharing resources and pooling knowledge. The end objective is to deliver higher levels of assurance that digital systems and platforms are safe and secure. 

The latest National Cybersecurity Strategy continues the excellent foundations put in place over the last two decades. It’s a responsible step for the Biden administration to take and, at the very least, will provide peace of mind that the internet remains, on the whole, safe to use. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

The Best Ways to Browse Online Safely

Internet, Online Security, Ophtek, Security, Security Threats, , ,
03
Dec 2019

Browsing online is a part of almost everyone’s daily routine, but the web can be a dangerous place. Therefore, you need to know how to browse online safely.

Malware, ransomware and viruses are just three of the nasty surprises you can find lurking online. These all have the potential to damage your PCs as well as compromising any data contained within them. It’s an unpredictable landscape, but one that can be navigated safely if you know what you are doing.

And we want to keep you safe. That’s why we’ve put together a list of the best ways to browse online safely:

  • Use a Secure Browser: To browse the internet you need to use an internet browser. And this browser needs to be secure. The most common browsers to be found in use on PCs are Chrome, Firefox and Internet Explorer. The good news is that all three are relatively secure. But this security can be tightened further by changing the browser’s safety parameters. So, to make things that little bit securer, turn off any autofill options (to avoid personal data being stolen) and turn cookies off (to enhance your privacy). 
  • Browse with a VPN: A virtual private network (VPN) is a sure fire method of maximizing your privacy online. A VPN will encrypt your data and conceal your location to make sure your privacy is maintained. This method of protection is most useful when you are browsing online through the use of public WiFi. Notoriously unsafe, public WiFi opens your connection up to numerous vulnerabilities. But, with a VPN in place, you can rest assured that you’re as safe as possible. We recommend Private Internet Access as a VPN service.
  • Always Check for HTTPS: The best site to browse safely is a secure site. But how you do you know if a site is secure? Well, the answer can easily be found in the address bar of your browser. A site’s security can instantly be assessed by checking to see if the URL starts with HTTPS or if there’s a padlock icon. If this is present then it means that any data sent to this site is private and secure. Otherwise, you should avoid submitting any data. 
  • Download from Trusted Sources: There are countless malicious websites online which have the potential to cause great damage. Visiting these websites is a dangerous step in itself, but downloading from them is a major mistake. A good rule of thumb for browsing online is that you should only ever download from a trusted source. And, if you’re even just 1% unsure, you should always get an IT professional to verify any potential downloads. 
  • Change Your Passwords Regularly: Passwords for online services are one of the best ways to enhance your security. But you need to change these regularly. A password which is frequently changed minimizes the risk of it being cracked or hacked. Ideally your passwords should be changed every 28 days to keep you one step ahead of any hackers. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Reductor Malware Brings a New Threat to Data Security

Data Security, Internet, malware, Ophtek, Security, , , ,
22
Oct 2019

Each time that malware evolves it becomes more dangerous. And our data becomes less secure. A case in point is the Reductor malware.

We’re used to malware being used to download malicious files and open up remote access to infected PCs, but Reductor is different. It’s new and it does things differently. And it’s this unfamiliarity which makes it all the more dangerous. Focusing its target on web traffic, Reductor brings a new threat to data security. Combating it is crucial, but to do this you need to understand how Reductor works.

It’s not easy to understand how a new piece of malware operates, so let’s drill down into its core and see what we can discover.

The Basics behind Reductor

Reductor, which has only recently been uncovered by Kaspersky, is a sophisticated piece of malware. Its main objective is to compromise encrypted web traffic. But what does this mean? And how does Reductor achieve this? Well, when a website is secure it will use Hypertext Transfer Protocol Secure (HTTPS) to securely transmit data. And this allows sensitive data such as login and credit card details to be encrypted into nonsensical code. Anyone attempting to view this encrypted data will be unable to make use of it.

But Reductor allows hackers to view all of this sensitive data before it’s encrypted. It does this by compromising the Transport Layer Security (TLS) and manipulating the associated security certificates. Reductor also patches the pseudo random number generator (PRNG) to establish how the corresponding data will be encrypted. It’s then possible to decrypt any resulting data with ease. And, despite all this activity taking place, the web traffic does not exhibit any signs of having been altered. Therefore, Reductor is unlikely to arouse the suspicious of any infected users.

Staying Safe from Reductor

Web traffic contains such an immense amount of data that concealing it from prying eyes is crucial. Reductor aims to remove these barriers and exploit as much data as it can. But you can protect yourself by taking note of the following:

  • Run any downloaded files through anti-malware software to limit the risk of executing carefully concealed malware.

Thankfully, following the discovery of Reductor, the majority of anti-malware manufacturers now offer protection against Reductor and the ability to block it.

Final Thoughts

Privacy concerns have become a major issue over the last decade with malware being at the forefront of this rise. And Reductor is only going to fan these flames further. It’s likely that malware will evolve into something even more sophisticated over the next couple of years, so it’s important to take note of any developments in malware. As ever, proceed with caution online and, most importantly, if something looks suspicious do not click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What are the Most Common Computer Network Problems?

Data Security, Internet, IT Best Practices, Network, Ophtek, Windows Server, wireless network, , , ,
10
Sep 2019

 

Getting to grips with problems relating to your computer network can be a frustrating affair, but it’s one which is likely to happen on a daily basis.

Computer networks are, after all, highly complex systems that comprise various components and are in use by multiple users. These structures may bring many benefits, but they can also be a recipe for disaster. And, if your network fails or experiences any issues, then your organization’s productivity is going to be affected.

Your main objective, with your computer network, should be to keep it online and functioning correctly. But you can only do this if you know what the most common computer network problems are, so let’s take a look:

  • Slow Connectivity: If there’s one thing that frustrates an employee then it’s slow connectivity over a network. PCs can grind to a halt and even the simplest task can take an age to complete. It’s often caused by large file transfers, so a limit should be put in place on the size that is permitted e.g. no email attachments that total more than 20mb as a standard rule. Sometimes this lag can also be caused by faulty network cards, so it’s important to investigate this possibility. 
  • IP Conflicts: Each PC on your network should have a unique IP address such as 209.85.255.255, but sometimes two PCs can be assigned the same IP address. And this can create major connectivity issues for both parties. Sometimes these conflicts will work themselves out, but you can help speed up the process. Restarting the router is the simplest approach as it should assign new IP addresses to every PC on the network. 
  • Unable to Connect to Local Printer: Printers on a network tend to be shared by multiple users, but occasionally an error can arise that leaves people unable to access the printer. This problem is often caused by a sharing issue whereby different security settings between PCs and the printers fail to agree with each other. When this occurs it’s recommended that you check firewall settings and that your Windows network adapters have printer sharing enabled. 

  • Faulty Cables: A computer network relies on cables to facilitate its connectivity. And when just one cable fails it can have massive implications for your network. However, it’s easy to overlook cables as the source of network issues. People tend to concentrate on software and hardware troubleshooting first. Nonetheless, investigating the condition of cables in the affected network area is vital. Cables can easily become dislodged or damaged, so sometimes the fix can be as simple as plugging them back in or replacing. 
  • Weak Wi-Fi Signal: If you rely on wireless connections in your organization then you will be well aware of the issues caused a weak signal. This can often be caused by environmental issues such as the presence of a microwave or even the layout of an office. It’s important to eliminate these factors to identify the cause of the fault. Alternatively the connection issues could be caused by out-dated firmware, so make sure all updates are installed. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Taking Down the Internet: The Attack on Dyn

Internet,
06
Dec 2016

ddos-attack

Even the biggest firms are failing to combat cyber-attacks as a recent DDoS case has revealed; if the big firms are struggling, what does this mean for you?

Well, what’s most interesting is that this distributed denial of service (DDoS) targeted some major players of the online world such as Twitter and PayPal. As you would imagine, these firms spend millions of dollars on cyber-security, but they were still successfully hacked and found their services severely disrupted.

It’s incidents such as this which highlight just how frail security defenses can be when confronted by a formidable foe. To help you understand how the power is shifting out there, I’m going to take a look at the current landscape.

The Dyn Inc DDoS Attack

 

outagemap-0

The DDoS attack we’ve been focusing on was aimed at the cloud based online infrastructure company Dyn Inc; basically, these guys form the server backbone for brands such as Twitter, PayPal and Netflix.

And it was this backbone which was targeted by hackers through a phenomenal botnet capable of transmitting 1.2 trillion (that’s 12 zeros!) bits worth of data at Dyn Inc every second. Understandably, these huge amounts of data soon brought severe data outages and this is why sites like Twitter suddenly disappeared from the web.

Fortunately, this huge influx of data eventually stopped, but it was an attack of such magnitude that it’s left the security industry very concerned.

Why Are Attacks Getting More Prolific?

DDoS attacks have steadily been ramping up their power in recent months, so it seems as though there’s a concerted effort amongst hackers to outdo each other. This is a dangerous scenario and is leading us down a path towards a world of super powerful hackers.

These hackers are also being helped in the upsurge in popularity of the ‘internet of things’. Thanks to the huge proliferation of internet ready devices (smart TVs, security cameras and even heating systems) there are now more entry points to your core network than ever before.

In fact, a recent mock-up of a wireless toaster demonstrated just how quickly hackers can find access points to networks. In this example, everything was securely set up to prevent any damage occurring, but not all Wi-Fi ready devices are this secure. It’s predicted that any device which can be accessed by the public is potentially vulnerable.

And it’s in sharp contrast to, for example, a decade ago when hackers only had the limited choice of attacking PCs, but the playing field is now becoming wider and wider with the internet of things. Matters aren’t helped by the increase in popularity of ‘cyber-crime as a service’ which allows anyone to buy hacking tools or services from the dark web and carry out crude cyber-attacks.

Protecting Yourself

 

ddos-diagram

Hackers are becoming more and more sophisticated, so it’s crucial that you conduct a thorough analysis of your security precautions on an ongoing basis. It’s paramount, in particular, to keep a close eye on any devices which connect to the internet as they may need specialist attention to make secure.

When it comes to preventing DDoS attacks, it’s a little harder as they’re difficult to prevent. Sure, you can have ‘bad traffic’ routed elsewhere, but this is a very costly service. And this is why the future for cyber-security is a little uncertain and means hackers are increasing their chances of successfully completing a hack.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 6