Article posted: Aug 23, 2018

By Joakim Thorén, CEO

While large enterprises across the US most certainly have sophisticated cybercrime fighting measures in place, the same is not true of many of the nation's small- and medium-sized businesses (SMBs).

That's why the NIST Small Business Cybersecurity Act, S. 770, previously referred to as the Main Street Cybersecurity Act, was signed into law by President Trump last week. S. 770 charges the National Institute of Standards and Technology (NIST), a division of the Commerce Department, with helping the nation's smaller businesses better prepare for and address the potential of cybercrime through better education. The Act specifically states NIST is to help SMBs "identify, assess, manage and reduce their cybersecurity risks."

Article posted: Aug 06, 2018

By Joakim Thorén, CEO

Another day, another data breach, as social news aggregation platform Reddit just announced it was breached. With the GDPR regulations in effect, more organizations are quickly reporting breaches and investigating their causes to avoid stiff penalties. The latest breach affecting Reddit demonstrates the dangers of using SMS for two-factor authentication.

Article posted: Jul 18, 2018

By Joakim Thorén, CEO

Cisco's 2018 Annual Cybersecurity Report points out that mobile devices are the most difficult to protect. That's in large part because of the increased use of Bring Your Own Device (BYOD) in the workplace. While organizations can save up to $350 per phone, per employee, by allowing BYOD, there are inherent security challenges. When employees download apps from questionable gaming sites that are more likely to be breached, they leave a window for hackers to enter corporate servers and steal valuable organizational data.

Article posted: Mar 05, 2018

By Joakim Thorén, CEO

Recently, ECN published an opinion piece on why smartphones can do double duty to secure data and a user's identity. Certainly, the smartphone is a good tool for authentication, but relying on One-Time Passwords (OTPs) is not an ideal two-factor authentication method, because OTP authentication makes use of rather short computer-generated passwords. These passwords are often provided to the user with no or very weak authentication.

Article posted: Feb 27, 2018

By Anders Adolfsson, Technical Consultant

We've written about the dangers of One-Time Passwords (OTP) for use in two-factor authentication and applauded the National Institute of Standards and Technology's (NIST) stance on eliminating SMS-based OTPs. It seems we're not alone. FireEye recently blogged about the dangers of OTPs in phishing campaigns and how hackers are using real-time phishing in attacks on corporate websites.

Article posted: Dec 22, 2017

By Marcus Hartwig, Versasec GM Americas

As in every industry, it's imperative for government agencies to safeguard their data, and many agencies are extending their security requirements right down the line to their suppliers and contractors.

For example, new government regulations going int...

Article posted: Aug 30, 2017

By Marcus Hartwig, GM Americas

When I saw this headline in the Wall Street Journal recently, "T3rr1bl3 @dv1c3," I couldn't resist reading the article and sharing the regrets of one of the pioneers of secure passwords.

The article includes an interview with Bill Burr, a former manager at the National Institute of Standards and Technology (NIST), discussing how he'd come up with recommendations for secure passwords some 13 years ago. At the time, he says, he was tasked with providing recommendations on the best ways to keep passwords secure for a NIST special publication (800-63, Appendix A). He didn't have much time, so he invented his own rules, he says, putting together an 8-page guide.

Article posted: Mar 10, 2017

By Marcus Hartwig, GM Americas

Google's Nest thermostat and other consumer IoT devices are flooding the market. By 2020, Cisco predicts 50 billion IoT devices will be connected. Not surprisingly, security is a major concern for these connected devices. After all, no one likes the idea of hackers infiltrating smart devices, like DVRs or cameras, the very devices that were hacked to bring down DynDNS last October.

Article posted: Mar 01, 2017

By Marcus Hartwig, GM Americas

For more than 20 years, cryptographic hash functions like SHA-1 have played a major role in browser security, managing code repositories or even just detecting duplicate files in storage. SHA-1, or Secure Hash Algorithm 1, was designed by the United States National Security Agency and was published by the United States NIST. We applaud the recent collaboration of the CWI Institute in Amsterdam and Google, which now shows its many flaws and security weaknesses.

Article posted: Oct 12, 2016

By Marcus Hartwig, GM Americas

When the National Institute of Standards and Technology (NIST) declared over the summer that SMS-based, two-factor identification should be put into the scrap heap of history, lots of us in the industry breathed a sigh of relief.
