23143_Blog_080223_vFinal.1

Cybersecurity in a Post-Quantum World

It’s no secret in the cybersecurity world that traditional cryptography systems, used throughout the entire Internet, are vulnerable to quantum computer attacks. By leveraging quantum mechanical phenomena, quantum computers are powerful enough to decipher the algorithms used as the basis for the most widely used cryptography systems on the Internet, such as RSA.

But quantum computers are not yet widely available, and those that have been developed are not believed to be powerful enough to totally break existing systems. According to Matthew Scholl, Chief of the National Institute of Standards and Technology’s Computer Security Division, feasible quantum computer attacks are still years or potentially decades away. Even so, it took nearly two decades to implement modern public key infrastructure.

Given the magnitude of the impact of quantum computing across every facet of the Internet, there is a need to rethink the approach to Internet security in a post-quantum world – and experts have known this. But what does that post-quantum world look like? The landscape of cybersecurity is and has been changing, but where are we headed?

Fighting fire with fire

The good news about supercomputers is that the same strengths that make them effective weapons can also be leveraged for defensive capabilities. Quantum mechanics can also be leveraged to generate and distribute secure keys. Traditional cryptography systems can be vulnerable to brute force attacks from quantum computers, since they are powerful enough to guess potential key combinations at unprecedented speeds. Additionally, current cryptography systems cannot provide a way to detect if encrypted data has been tampered with, meaning an attacker could compromise encrypted data without being detected.

However, by leveraging quantum mechanics, it’s possible to establish shared secret keys between two users that are only know to them. Additionally, observing the quantum bits used in this system alters them, meaning attempts to intercept data would alert users.

But what about those who don’t have access to quantum computers? Until major technological breakthroughs are made, quantum computers won’t be widely available to most organizations. And your most sensitive data needs protection now.

Post-quantum cryptography

Fortunately, cybersecurity experts around the world have been developing new standards to protect existing systems without relying on quantum computers for defensive capabilities. Collaborative efforts seek to devise different approaches and assess risks and strengths. The Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) are collaborating with various partners to generate new approaches and provide implementation plans for organizations to make the transition to post-quantum cryptography.

The problem of integration

For implementation plans to be feasible for most organizations, new defensive systems would ideally be able to integrate with existing computer systems – and take far less than 20 years to implement. NIST’s Post-Quantum Project was created with the intent to gather potential new technologies to assess their security and feasibility of use. But this is a relatively new field in cybersecurity, so it will take years to develop and standardize processes to protect against quantum computer attacks.

Is your organization prepared for the shift required to survive this changing landscape? For information on how Fognigma can protect your organization against quantum computer attacks without requiring a complete overhaul of existing organizational infrastructure, systems, and technology, see the Fognigma main page, and feel free to contact us.

 
 
SOF_Week_Social_4_30_23_v02.00

Fognigma SOF Week 2023 Press Release

Dexter Edward to demo Fognigma’s secure communication & collaboration, data security, mission partner network capabilities at SOF WEEK 2023.

Dexter Edward will be attending SOF WEEK 2023 as an exhibitor from May 8-11th at the Tampa Convention Center in Tampa, Florida to demonstrate several communication and collaboration capabilities from the Fognigma product line suited for a wide variety of SOCOM operations in contested digital environments.

Fognigma is a Commercial-Off-The-Shelf (COTS) software that can create complete standalone mission environments in the cloud, complete with a variety of communication and collaboration tools incorporating end-to-end encryption, managed attribution, network & user anonymization and obfuscation, smart firewalls, and other security features. The product is now available for purchase via ITES-SW2 and SEWP V.

The following Fognigma capabilities will be demoed during the exhibition:

Speakeasy. A self-owned, cloud-hosted videoconferencing solution that generates unique, disposable, user-specific misattributing access paths to conferences.

Virtual Desktops (VDIs). Sandboxed, anonymizing cloud-hosted desktop instances deployed with a wide variety of mission tools for communication & collaboration, data collection & analysis, and more.

Holler. A cloud-based telephony solution that protects user numbers, identities, and locations through several customizable voice & SMS capabilities for a wide variety of mission communication scenarios with trusted and untrusted parties.

Wicket & Netcutter. A hardware device that protects the Internet activities of users and devices, facilitates connections to Fognigma’s private communication & collaboration networks, generates location-based network exit nodes, and provides remote LAN access capabilities.

fognigma sof week

Fognigma is a Technology Readiness Level 9 product that has been awarded nearly two dozen patents, and is ISO 9001:2015 accredited and FIPS 140-2
validated. The product undergoes regular penetration testing from multiple third parties, and new versions are developed, tested, and released regularly to improve security and add new capabilities driven by customer needs.

For more information on Fognigma’s capabilities, please visit booth #805 on the upper level at SOF WEEK 2023.

Dual Encryption Methods

Securing Your Network In A Bring Your Own Device World

When the entire world shifted to remote working, many companies did not have bulk technology available to let their employees take home to continue doing their job. This forced many to enforce ‘bring your own device’ or in other terms, they had to let their employees use their personal devices to continue working from home. Although this may seem like a benefit, the cyber security challenges and privacy concerns of using personal devices will cost companies more in the long run.

The Risks Of Employees Bringing Their Own Devices

Data Leakage

When employees access company information using their personal devices, especially from anywhere, it increases the possibility of company data being leaked. Mobile devices are the most susceptible to attacks. Additionally, mobile devices and tablets require frequent updates to prevent security loopholes, and if one update is missed and an employee has company data on their device, your company’s data becomes extremely vulnerable.

Higher Chances of Vulnerabilities

When employees access data from their personal devices, its nearly impossible for companies to track what data is saved on their devices. With that, if any employee connects to a public or suspicious WiFi signal, loses their phone, or forgets to install an update, whatever company data is on that device is at risk.

Malware Infections

Employees are not as careful on their personal devices as they need to be. If any employee unintentionally downloads malicious malware on their device, which is connected to the rest of the company’s network, depending on what type of malware it is, it could end up connecting to other devices on your company’s network. This would allow unauthorized users to gain access to usernames, passwords, and sensitive data posing a huge security risk.

Protecting Your Network While Allowing Your Employees To Use Their Own Device

Limit Access

Giving employees access to everything in the company is a huge security vulnerability. Employees only need access to the stuff they need to do their jobs. To ensure your company’s network security, you need to implement role-based access into your cyber security strategy. This limits employees access to only systems and data required for their job roles.

Two Factor Authentication

Nowadays, both passwords and physical devices can be stolen, which is why many companies are implementing two-factor authentication on their employee’s accounts. Two-factor authentication requires users to have two pieces of information to confirm identities before accessing whatever account they are trying to login to. Most two-factor authentication processes have a strong password with a second factor like a code sent via text message or phone. This ensure safety because even if a password were hacked or a device was stolen, the criminal would need the second piece of information to gain access to the account.

Enable Network Access Controls

Network Access Control (NAC) only lets devices connect to a network that are up to date on their software. Devices that are not will be denied access. This will save your company from a significant amount of vulnerabilities.

Lost or Stolen Protocols

Having a policy in place regarding when a device is lost or stolen will safeguard your data that is stored on that device. Its important to be able to remotely wipe the data that is on the device so that unauthorized users cannot use the device to access corporate data.

A Trusted Software Solution

In a bring your own device world, companies need a solution that secures their data no matter where their employees work, and what they are working on. Fognigma’s trusted patented software solution lets organization’s build secure, invisible, adaptable, networks anywhere, on any device, in minutes. Inside a Fognigma Network, users can quickly and easily deploy end-to-end encrypted, traceless communication and collaboration tools such as messaging, video conferencing, file sharing, phone calling, and more. Through Fognigma’s user-friendly interface, office administrators can create and assign users groups, ensuring employees only have access to the resources needed to do their job. Using simple software or hardware, users can instantly secure their connections and safely access company information from anywhere on any device. At the end of the workday, Fognigma Networks and resources can be destroyed in just a few clicks, ready to be redeployed the next day.

Contact us for more information on how Fognigma can protect your company data, on any device!

free vpn

The Most Important Network Security Best Practices

Thanks to COVID-19, most businesses are sharing sensitive company data, communicating with one another, and collaborating on projects virtually. Although the internet provides a great space for businesses to stay connected while most users are working from their homes. There is a downfall to this virtual connectivity – network attacks. The PwC Global Economic Crime and Fraud Survey 2020 states that, the average number of frauds per company reported is about 6, which comes out to equal billions of US dollars lost because of these crimes. With so many threats and so much at stake, even the best network security teams cannot keep up. Companies should be following these measures to protect their business against the multitude of cyber-security dangers. 

Maintain Software

One of the easiest, but most effective, solutions for network security is to update current antivirus software. Its imperative software updates are installed immediately as they become available. However, although valuable, this one single solution is not enough, especially since today’s threats are more sophisticated than ever. 

Make Visibility A Priority 

Most organizations think of their network security as a force repelling incoming enemies, and fail to realize that the people inside their walls are the biggest threat. According to Security Intelligence, 75% of security breaches come from insider threats. Most of these cases being unintentional but how can companies prevent insider threats? By monitoring their user’s activity within their network and restricting access to certain websites. By tracking what your users are doing, companies become aware of the situations and can see what actions happened that may have compromised their companies’ network.

Restrict User Permissions 

While most insider threats are accidental, the intentional ones are the ones that cause the most damage. Most insider threats are from upset or former employees who leak/steal sensitive company information. Although it is common for most businesses to restrict access for each employee, giving users access to everything is a huge security risk. To keep your company and employees safe, employees should only have access to the resources they need to perform their job. Furthermore, organizations need to realize the malicious risks associated with employees using their own devices for work purposes. By using company-provided devices you are in control of what is on it and the accesses employees have. 

Establish A Security Policy 

Just by setting clear expectations and guidelines for your users can make the biggest difference. To be proactive and see where your policies fall short, perform a security risk analysis, and make adjustments where needed. To ensure employees are contributing to your network security, provide on-going security training. Its also beneficial to have a security expert on-staff, for users to reach out to when further clarification or assistance is needed. 

Backup Your Data

A benefit of digital information, is that copies can easily be made. This allows organizations to copy their data information and store it in a separate, secure location off their network. This gives organizations something to refer to in case of a cyber-attack. It is important to regularly backup your data, so one data breach doesn’t ruin your entire organization. 

Third Parties Are Just As Dangerous

If internal users represent such a huge part of data breaches, then third parties are just as dangerous. When organizations work with third parties, they need to access company information somehow. Giving them network access will create more entry points which creates more entry points available for malicious attacks. It is important to evaluate the third parties you are working with carefully and restrict their access as much as possible. 

Education Is Key 

Organizations can have a solid security strategy in place, but if their employees are not complying, your network will always be vulnerable. Securing your data and the users using the data should be a top priority. Train your employees on how to recognize and report threats, what to do to prevent them, and using/accessing data according to your company’s policy. Educating your users on how to protect your network is a huge step towards company cyber safety. 

Be Prepared 

You never really know when a threat is going to happen, so being prepared for the worst is crucial. Organizations must constantly monitor their networks for threats, analyze and fix the threats that do come through, and stay-up-date on cybersecurity best practices and trends. 

 

Fognigma’s Network Solutions 

Fognigma provides a variety of software and hardware solutions, that allows enterprises to completely secure their network connections. All solutions are wrapped in FIPS 140-2 validated, cascading AES-256 encryption. Fognigma’s network solutions include:

Fognigma VPN: A specialized VPN built providing streamlined, user-friendly access to private collaboration services, traceless Internet access, and discreet communications. 

Wicket: A portable misattribution device that connects to a Fognigma Network and protects single users and small groups, as well as IoT and other network-enabled devices. 

Gateway: A misattribution device for a headquarters environment or other facility, which provides multiple users access to multiple Fognigma Networks, over a hidden, protected network connection. 

Software, web development, programming concept. Abstract Programming language and program code on screen laptop. Laptop and icons company network . Technology process of Software development

Digital Transformation Technologies That Will Help Drive Growth

While the COVID-19 crisis led organizations to face vital challenges like the inability to visit customers, decreasing sales, and stalled productions, it also drove them to improve the ability of long-distance collaboration, recognize the importance of today’s new-aged technologies, and aid digital formats of business development and operations.

Digital transformations in organizations are imperative to build long-term resilience. Just by digitalizing traditional processes will not help organizations succeed. The focus must shift to using technologies that do things in a new, improved way that embraces digital transformation. So, what digital transformation technologies will help organizations drive growth?

Automation

With social distancing becoming the new normal, businesses must adapt by automating their operations as much as possible.  The benefits offered from automation is enhanced productivity and superior quality of products while keeping costs under control.

Additionally, adding automation to regular network tasks will enable services to minimize the involvement of its workforce in managing the network bringing down human error and enhancing efficiency and quality of services. 

digital transformation - Artificial IntelligenceArtificial Intelligence

Artificial Intelligence is skilled at identifying patterns from big data, and this aspect alone explains how it is significant in managing the current coronavirus crisis. The features AI applications have such as predictive analytics, natural language processing, speech recognition, image recognition, video analytics, and chatbots are helping healthcare workers diagnose and trace the spread of the COVID pandemic.

Besides supporting the healthcare industry, AI is helping sustain critical infrastructure industries like utilities, gas & oil, and transportation. Organization’s currently using AI can apply predictive analytics to map the real-time and historic data transmitted by IoT sensors on their equipment. This allows them to prevent failures before they occur, while also understanding the root causes of problems. AI makes processes quicker, more efficient, more secure, and safer. 

 

IoT Devices

When COVID first hit, the number of businesses that deployed IoT technologies skyrocketed. The worldwide number of IoT-connected devices is projected to increase to 41.6 billion by 2025. Organizations that leverage IoT in their business strategies will come out on top, especially in cases of remote monitoring and product and process diagnostics when in-person visits are not an option. IoT devices provide increased productivity, minimizes costs with smart asset management, provide intelligent supply chain solutions, and analytics allowing organizations to unlock new revenue opportunities and enhance their customer experience. By incorporating IoT into everyday business lives organizations can track and trace assets, equipment, tools, and people.

Advanced Analytics 

Uncertain times and competitive markets make it crucial for organizations to access the right data points and make informed decisions. By using data-analytics solutions, a business can be active and responsive to progressing situations. Advanced analytics will also allow organizations to identify risks and take action before major impacts.

Software That Allows Employees To Do Their Job Anywhere

With many organizations continuing their work from home structure, software like Fognigma, drives organization unity and security while building resilience even while remote. With Fognigma, users can create and deploy custom VPNs in minutes, complete with secured communication and collaboration solutions like video conferencing, secure file shares, VDIs, encrypted telephony, and user-specific message and file encryption for effective productivity.

Everything inside a Fognigma VPN is completely protected from observation, interception, and tracking, securing not only users but company data as well.

Icons Isometric-21

Mobile Device Security: Four Attacks to Look Out For

According to Forbes, 60% of people use a mobile device for work purposes. As mobile usage continues to increase, so does the risk of organizations mobile device security. 

Earlier this year, Amazon CEO Jeff Bezos’ mobile device was hacked through a specially coded WhatsApp message. 

This incidence raises an important point: if one of the most successful technology companies is vulnerable to a data leakage attack, then so are other companies. Mobile security is a major concern for companies in 2020. Nearly all employees routinely access company information through their mobile devices. As with other forms of hacking, knowledge and prevention are often the best defenses against attacks. 

Here are a few of the most common types of mobile devices attacks that are hurting your company: 

1. WiFi Interference

Mobile devices are only as secure as the networks they use to transfer data. Network spoofing attacks continue to increase, but employees often skip securing their connection and instead rely on public networks. This leaves the door wide open for cybercriminals to steal private information. Connecting  to an effective VPN is a simple way to close these doors and save companies from data loss. 

2. Data Leakage

Data leakage, also known as data breach or data spill, is the act of releasing secure or private information to an untrusted environment. This happens when users improperly setup apps on their mobile devices and inadvertently allow apps to see and transfer their information – which is exactly what happened to Jeff Bezos earlier this year. 

Another great example is an employee tracking workouts at a company gym, revealing the headquarters location. 

Data leakage can also be caused by accidental disclosure. Due to the small size of a mobile screen, users sometimes select the wrong recipient when sending information. It’s a simple mistake, but the consequences can be severe. 

3. Social Engineering

Social engineering is one of the top causes of data breaches on mobile devices. These threats typically start with email. Mobile email applications often only display the name of the sender, which makes it extremely easy for an attacker to pose as a high-level user in an organization and fool unsuspecting employees into sharing sensitive information or granting remote access to protected resources. Employees should always be skeptical of email requests for system access or sensitive data. 

4. IoT Devices & Out of Date Software

Internet of Things - Dexter Edward

These days, the latest lightbulbs, refrigerators, thermostats, TVs, tablets, e-readers, and watches might have more in common than you’d expect. Many are part of the IoT, or Internet of Things. An IoT device generally refers to any internet-enabled piece of technology that you might not expect to have internet access, and often doesn’t require human operation. 

And when it comes to network security, that internet-enabled thermostat or refrigerator might not be so “smart” after all. Any device connected to a network is a potential threat, and many IoT devices have glaring flaws in their security, and often unsecured software and unencrypted communication.

Many of these devices are not supported with software updates – essentially becoming an open door for hackers. As the popularity of IoT devices continues to grow, it’s imperative that users understand their flaws and how they can compromise a network.

 

What  can you do to enhance the mobile device security in your organization? 

1. Implement a strong company policy on mobile security. 

This might sound like an obvious solution, but a little can go a long way. Incorporating security requirements into training, policies, and everyday activities can help ensure employees adhere to proper security practices when using mobile devices. 

VPN - Dexter Edward

 

2. Invest in effective VPNs that are easily accessible for employees who work on the go. 

VPNs provide a convenient means of accessing a secure network for accessing sensitive resources. When it comes to everyday users, sometimes accessibility and ease-of-use are the best solutions for preventing security mistakes. 

3. Enforce two-factor authentication (2FA) on necessary applications. 

Though mobile devices bring new risks, they can also provide solutions. 2FA provides an additional authentication step during the login process that requires a code that’s sent to a specified 2FA device. With this method, an attacker with access to a set of user credentials will be unable to sign in without access to the user’s device. 

In this new decade of cybersecurity threats and solutions, is your company incorporating enough mobile security practices to ensure its safety? 

Dexter Edward offers a secure, customizable, and user-friendly VPN service that includes communication and collaboration services, file sharing, and much more. 

Contact one of our industry experts today to learn more about how we can protect your organization in the new age of mobile security threats.

Mission Partner Network-01

IoT Encryption

IoT is Everywhere

Look around you. The normal household or office has at least one smart device (collectively called the Internet of Things, or IoT for short) nearby. Some have more. Some have many. They are useful, save time, and (let’s face it) fun. But just as the stick you played with as a child could have turned around at any moment and poked your eye out, so can the IoT devices of today puncture your Internet security without proper IoT Encryption.

Are we saying you should round up all your IoT devices and throw them into a burning cauldron? Of course not. Though they are all potential vulnerabilities, that doesn’t mean they can’t be protected.

IoT Encryption is Needed

By 2020, Cisco estimates the number of IoT devices will be around 50 billion. One year later, as Cybersecurity Ventures points out, the estimate increases so that there will be roughly three times as many IoT devices as there are people on the planet. Let that sink in for a second: three IoT devices for each human on Earth — all in just two years’ time. Three Internet vulnerabilities for each person on the planet. It’s time for action.

“But why are IoT devices so vulnerable and how did we get into this mess?” you ask aloud to Alexa and Siri. Siri isn’t listening, but Alexa offers to order you an economy pack of paper towels to clean up the “mess.” The short answer to your two-part question is money.

IoT Devices on desk

People like devices they can talk to, devices that let them do things from afar, and devices that let them take control over their world (even if just in such a small way as customizing the color of a light bulb). Companies saw this like of such devices and began pumping them out at insane speeds. Other companies ripped off (or reverse engineered or both) the tech from these first companies and started selling budget IoT devices. This is how we got to the size of the mess. But what about the actual mess?

The mess part involves the software on the devices themselves and the way this software interacts with the Internet. Quite often, especially for the budget IoT devices, the software is composed of copy/pasted, Frankenstein-ed code that accesses the device in your home or office and passes through an Internet portal. This is how you can click an app at work and turn on a light at home. These are the holes in your security we were talking about earlier.

Now, big companies are always testing, improving, and updating their code to improve their customers’ experience and, more importantly, to make their devices more secure. But sometimes they don’t. Often (for both big companies and budget IoT device companies), there is little care about the security of the product, as the company makes its money on the sale and (quite often) the service the product offers. Once the company has your money, their goal has been achieved. But this lack of updates leaves devices vulnerable. And thus, the hole in your cybersecurity becomes a tear.

IoT security

A solution is needed to protect your organization from these tears. Of course, you could just get rid of all your IoT devices, but that’s not going to happen because they are just too much fun (okay, and some are very useful). IoT devices are not just gimmicks or novelties—many have an actual use in your organization. The only solution is to protect them since they won’t protect themselves. We do this by surrounding them with the encrypted protection of Fognigma.

IoT Encryption is Here

Fognigma is a patented enterprise software solution that allows organizations to build invisible, encrypted, and secure networks. [For more information, please visit the About page at http://staging.fognigma.com/why-fognigma/.] Users connect to their organization’s Fognigma network(s) using software (desktop client or mobile app) or hardware options (a Gateway to protect an entire facility or a Wicket to protect a computer, phone, or office).

Let’s zoom in on the Wicket, since it protects devices and not facilities. A Wicket is a small, portable piece of hardware that can be installed between your router and the public Internet to protect multiple devices. Once configured, the Wicket routes all your Internet traffic through a Fognigma network, protecting it with FIPS 140-2 Validated, cascading AES-256 encryption. To protect a single device, a Wicket is configured between the device and your router to attach to a Fognigma network. This small, portable device will help plug all your IoT cybersecurity holes and tears.

An example: You plug a color-change IoT lightbulb into your desk at work so you can have a disco party each Friday. The bulb reaches out through your organization’s Internet connection to a portal run by the manufacturer and then back to the app on your phone. A third-party evildoer can see that there is a connection from your phone to the portal and from the portal to a device inside your organization’s cybersecurity shield.

IoT lightbulb

This gives the evildoer two things: the proof needed to associate you with your organization and a path to follow to breach your organization’s defenses. It’s obvious how bad the second part is, but the first is equally disastrous. [To learn more about why association can be devastating to your organization, read our blog entry on the importance of dissociation.] When connected to a Wicket, however, what a third-party evildoer can learn is decidedly different as the device is enveloped in an invisible shell of, in this case, IoT encryption.

Your app’s connection to the portal will still be visible, as will the portal passing on information to somewhere. BUT the somewhere will not be associated at all with your organization. You see, Wickets allow traffic into Fognigma, but when traffic leaves it goes through an exit point created by your organization to exist almost anywhere in the world. And once that signal passes into your Fognigma network and back to the IoT device, it is invisible to external observation.

This is how Fognigma assists with IoT encryption. This is how Fognigma can plug the holes insecure IoT devices can rip in your cybersecurity. This is why you should contact Dexter Edward today for more information or to schedule a demonstration.