Kenny Natiss heads The LCO Group, a NYC-based IT solutions company serving a broad range of industries. Mr. Natiss is a frequent contributor in news segments on data security and how companies can do a better job securing your personal information. In the following article Kenny Natiss shares some of the major developments happening in the world of cyber security.
Hollywood often depicts the world of cyber security as something run by secretive teams of hackers smashing away at keyboards in dimly lit war rooms. While the reality of common breaches is often less dramatic, there’s no denying that cyber security plays a crucial role in protecting individual privacy, corporate financial data, and the most secretive of national documents.
In today’s post Kenny Natiss explores four recent news stories that relate to cyber security. From a handful of security measures currently being developed to a year-long state-backed hack against a powerful government, we’ll explore some of the hottest cyber security news stories from recent days.
Building Security into SIM Card Identity Could Kill Phishing
Under most current security protocols, Kenny Natiss explains that user authentication revolves around a simple username and password. Logins require users to physically input their information before accessing the data with the idea that, if only one person knows the password, no one else can hack the system. Yet passwords have been shown to be flawed and, if compromised, nearly anyone can break in.
Recent innovations from leading cyber security firms are now seeking to avoid these limitations by building security directly into SIM cards. The idea is simple—SIM cards have the exact same cryptographic microchip tech that credit and debit cards use so why not build device-specific security around those proven systems?
Rather than inputting a password, users would simply receive a push notification from the system, confirm their login attempt, and then a backend request to create a Check URL would be sent through the tru.ID API. Kenny Natiss explains that if the phone number for the device’s SIM cards matches the phone number on record, the user’s login attempt is confirmed and they’re allowed to proceed.
Through this improved security protocol, phishing would become a thing of the past. There would no longer be a reason to phish for passwords because the password would become a thing of the past. However, this new security protocol is still in the works and has not yet entered the mainstream.
New MIT Study Aims to Standardize Zero Trust Security
Kenny Natiss reports that a recent study published by MIT’s Lincoln Laboratory has thoroughly explored the potential benefits of new Zero Trust cyber security protocols. This new approach is a type of security protocol that doesn’t rely on predefined trust levels.
Rather, all users and devices are treated in the same manner, regardless of whether they’re inside or outside of the network. This type of security is important because it doesn’t make any assumptions about who or what might be trying to access the system.
In the past, zero trust security was largely considered to be a pipe dream. The idea of trusting no one and nothing was simply too impractical. However, recent years have seen a number of major companies begin to implement zero trust security protocols. One of the most notable is Google.
Kenny Natiss says the company has been working on a project called BeyondCorp which is designed to replace the standard VPN setup. With BeyondCorp, Google has been able to do away with the VPN entirely. What’s more, other companies are beginning to follow suit.
In December of 2019, Slack announced that it would be moving to a zero trust security model. The company has since rolled out the changes and, so far, they seem to be working well. As more and more companies move to zero trust security, the protocol is becoming normalized and, eventually, zero trust security will become the standard rather than the exception.
State-Backed Chinese APT Caught Spying on Russian Defense
According to findings reported by Israeli cyber security firm, Check Point, a Chinese state-backed APT has been caught tracking and spying on Russian defense systems over the past year. Dubbed “Twisted Panda”, the APT attack targeted two defense institutes as well as an unnamed Belarussian target with a social engineering scheme reporting planned US-backed bio-weapons attacks.
Kenny Natiss explains that when targets opened links to information about these planned attacks, their cyber systems were overrun by backdoor control flow flattening documents previously linked to other Chinese hacker groups. They were well designed to avoid detection but, according to Check Point’s findings, the latest iteration was even more advanced than versions seen before.
Analysts believe that China’s continued cyber-espionage campaign is largely intended to gather strategic information rather than create chaos, however, Kenny Natiss reports that it remains unclear why China has actively targeted Russian defense institutes, despite their seemingly close relationship.
Cyber security is a rapidly evolving field and, as such, Kenny Natiss says it’s important to stay up to date on the latest news. By understanding the current landscape of cyber security, you’ll be better equipped to protect your own information as well as the information of those you work with.