23143_Blog_080223_vFinal.1

Cybersecurity in a Post-Quantum World

It’s no secret in the cybersecurity world that traditional cryptography systems, used throughout the entire Internet, are vulnerable to quantum computer attacks. By leveraging quantum mechanical phenomena, quantum computers are powerful enough to decipher the algorithms used as the basis for the most widely used cryptography systems on the Internet, such as RSA.

But quantum computers are not yet widely available, and those that have been developed are not believed to be powerful enough to totally break existing systems. According to Matthew Scholl, Chief of the National Institute of Standards and Technology’s Computer Security Division, feasible quantum computer attacks are still years or potentially decades away. Even so, it took nearly two decades to implement modern public key infrastructure.

Given the magnitude of the impact of quantum computing across every facet of the Internet, there is a need to rethink the approach to Internet security in a post-quantum world – and experts have known this. But what does that post-quantum world look like? The landscape of cybersecurity is and has been changing, but where are we headed?

Fighting fire with fire

The good news about supercomputers is that the same strengths that make them effective weapons can also be leveraged for defensive capabilities. Quantum mechanics can also be leveraged to generate and distribute secure keys. Traditional cryptography systems can be vulnerable to brute force attacks from quantum computers, since they are powerful enough to guess potential key combinations at unprecedented speeds. Additionally, current cryptography systems cannot provide a way to detect if encrypted data has been tampered with, meaning an attacker could compromise encrypted data without being detected.

However, by leveraging quantum mechanics, it’s possible to establish shared secret keys between two users that are only know to them. Additionally, observing the quantum bits used in this system alters them, meaning attempts to intercept data would alert users.

But what about those who don’t have access to quantum computers? Until major technological breakthroughs are made, quantum computers won’t be widely available to most organizations. And your most sensitive data needs protection now.

Post-quantum cryptography

Fortunately, cybersecurity experts around the world have been developing new standards to protect existing systems without relying on quantum computers for defensive capabilities. Collaborative efforts seek to devise different approaches and assess risks and strengths. The Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) are collaborating with various partners to generate new approaches and provide implementation plans for organizations to make the transition to post-quantum cryptography.

The problem of integration

For implementation plans to be feasible for most organizations, new defensive systems would ideally be able to integrate with existing computer systems – and take far less than 20 years to implement. NIST’s Post-Quantum Project was created with the intent to gather potential new technologies to assess their security and feasibility of use. But this is a relatively new field in cybersecurity, so it will take years to develop and standardize processes to protect against quantum computer attacks.

Is your organization prepared for the shift required to survive this changing landscape? For information on how Fognigma can protect your organization against quantum computer attacks without requiring a complete overhaul of existing organizational infrastructure, systems, and technology, see the Fognigma main page, and feel free to contact us.

 
 
SOF_Week_Social_4_30_23_v02.00

Fognigma SOF Week 2023 Press Release

Dexter Edward to demo Fognigma’s secure communication & collaboration, data security, mission partner network capabilities at SOF WEEK 2023.

Dexter Edward will be attending SOF WEEK 2023 as an exhibitor from May 8-11th at the Tampa Convention Center in Tampa, Florida to demonstrate several communication and collaboration capabilities from the Fognigma product line suited for a wide variety of SOCOM operations in contested digital environments.

Fognigma is a Commercial-Off-The-Shelf (COTS) software that can create complete standalone mission environments in the cloud, complete with a variety of communication and collaboration tools incorporating end-to-end encryption, managed attribution, network & user anonymization and obfuscation, smart firewalls, and other security features. The product is now available for purchase via ITES-SW2 and SEWP V.

The following Fognigma capabilities will be demoed during the exhibition:

Speakeasy. A self-owned, cloud-hosted videoconferencing solution that generates unique, disposable, user-specific misattributing access paths to conferences.

Virtual Desktops (VDIs). Sandboxed, anonymizing cloud-hosted desktop instances deployed with a wide variety of mission tools for communication & collaboration, data collection & analysis, and more.

Holler. A cloud-based telephony solution that protects user numbers, identities, and locations through several customizable voice & SMS capabilities for a wide variety of mission communication scenarios with trusted and untrusted parties.

Wicket & Netcutter. A hardware device that protects the Internet activities of users and devices, facilitates connections to Fognigma’s private communication & collaboration networks, generates location-based network exit nodes, and provides remote LAN access capabilities.

fognigma sof week

Fognigma is a Technology Readiness Level 9 product that has been awarded nearly two dozen patents, and is ISO 9001:2015 accredited and FIPS 140-2
validated. The product undergoes regular penetration testing from multiple third parties, and new versions are developed, tested, and released regularly to improve security and add new capabilities driven by customer needs.

For more information on Fognigma’s capabilities, please visit booth #805 on the upper level at SOF WEEK 2023.

Dual Encryption Methods

Securing Your Network In A Bring Your Own Device World

When the entire world shifted to remote working, many companies did not have bulk technology available to let their employees take home to continue doing their job. This forced many to enforce ‘bring your own device’ or in other terms, they had to let their employees use their personal devices to continue working from home. Although this may seem like a benefit, the cyber security challenges and privacy concerns of using personal devices will cost companies more in the long run.

The Risks Of Employees Bringing Their Own Devices

Data Leakage

When employees access company information using their personal devices, especially from anywhere, it increases the possibility of company data being leaked. Mobile devices are the most susceptible to attacks. Additionally, mobile devices and tablets require frequent updates to prevent security loopholes, and if one update is missed and an employee has company data on their device, your company’s data becomes extremely vulnerable.

Higher Chances of Vulnerabilities

When employees access data from their personal devices, its nearly impossible for companies to track what data is saved on their devices. With that, if any employee connects to a public or suspicious WiFi signal, loses their phone, or forgets to install an update, whatever company data is on that device is at risk.

Malware Infections

Employees are not as careful on their personal devices as they need to be. If any employee unintentionally downloads malicious malware on their device, which is connected to the rest of the company’s network, depending on what type of malware it is, it could end up connecting to other devices on your company’s network. This would allow unauthorized users to gain access to usernames, passwords, and sensitive data posing a huge security risk.

Protecting Your Network While Allowing Your Employees To Use Their Own Device

Limit Access

Giving employees access to everything in the company is a huge security vulnerability. Employees only need access to the stuff they need to do their jobs. To ensure your company’s network security, you need to implement role-based access into your cyber security strategy. This limits employees access to only systems and data required for their job roles.

Two Factor Authentication

Nowadays, both passwords and physical devices can be stolen, which is why many companies are implementing two-factor authentication on their employee’s accounts. Two-factor authentication requires users to have two pieces of information to confirm identities before accessing whatever account they are trying to login to. Most two-factor authentication processes have a strong password with a second factor like a code sent via text message or phone. This ensure safety because even if a password were hacked or a device was stolen, the criminal would need the second piece of information to gain access to the account.

Enable Network Access Controls

Network Access Control (NAC) only lets devices connect to a network that are up to date on their software. Devices that are not will be denied access. This will save your company from a significant amount of vulnerabilities.

Lost or Stolen Protocols

Having a policy in place regarding when a device is lost or stolen will safeguard your data that is stored on that device. Its important to be able to remotely wipe the data that is on the device so that unauthorized users cannot use the device to access corporate data.

A Trusted Software Solution

In a bring your own device world, companies need a solution that secures their data no matter where their employees work, and what they are working on. Fognigma’s trusted patented software solution lets organization’s build secure, invisible, adaptable, networks anywhere, on any device, in minutes. Inside a Fognigma Network, users can quickly and easily deploy end-to-end encrypted, traceless communication and collaboration tools such as messaging, video conferencing, file sharing, phone calling, and more. Through Fognigma’s user-friendly interface, office administrators can create and assign users groups, ensuring employees only have access to the resources needed to do their job. Using simple software or hardware, users can instantly secure their connections and safely access company information from anywhere on any device. At the end of the workday, Fognigma Networks and resources can be destroyed in just a few clicks, ready to be redeployed the next day.

Contact us for more information on how Fognigma can protect your company data, on any device!

free vpn

The Most Important Network Security Best Practices

Thanks to COVID-19, most businesses are sharing sensitive company data, communicating with one another, and collaborating on projects virtually. Although the internet provides a great space for businesses to stay connected while most users are working from their homes. There is a downfall to this virtual connectivity – network attacks. The PwC Global Economic Crime and Fraud Survey 2020 states that, the average number of frauds per company reported is about 6, which comes out to equal billions of US dollars lost because of these crimes. With so many threats and so much at stake, even the best network security teams cannot keep up. Companies should be following these measures to protect their business against the multitude of cyber-security dangers. 

Maintain Software

One of the easiest, but most effective, solutions for network security is to update current antivirus software. Its imperative software updates are installed immediately as they become available. However, although valuable, this one single solution is not enough, especially since today’s threats are more sophisticated than ever. 

Make Visibility A Priority 

Most organizations think of their network security as a force repelling incoming enemies, and fail to realize that the people inside their walls are the biggest threat. According to Security Intelligence, 75% of security breaches come from insider threats. Most of these cases being unintentional but how can companies prevent insider threats? By monitoring their user’s activity within their network and restricting access to certain websites. By tracking what your users are doing, companies become aware of the situations and can see what actions happened that may have compromised their companies’ network.

Restrict User Permissions 

While most insider threats are accidental, the intentional ones are the ones that cause the most damage. Most insider threats are from upset or former employees who leak/steal sensitive company information. Although it is common for most businesses to restrict access for each employee, giving users access to everything is a huge security risk. To keep your company and employees safe, employees should only have access to the resources they need to perform their job. Furthermore, organizations need to realize the malicious risks associated with employees using their own devices for work purposes. By using company-provided devices you are in control of what is on it and the accesses employees have. 

Establish A Security Policy 

Just by setting clear expectations and guidelines for your users can make the biggest difference. To be proactive and see where your policies fall short, perform a security risk analysis, and make adjustments where needed. To ensure employees are contributing to your network security, provide on-going security training. Its also beneficial to have a security expert on-staff, for users to reach out to when further clarification or assistance is needed. 

Backup Your Data

A benefit of digital information, is that copies can easily be made. This allows organizations to copy their data information and store it in a separate, secure location off their network. This gives organizations something to refer to in case of a cyber-attack. It is important to regularly backup your data, so one data breach doesn’t ruin your entire organization. 

Third Parties Are Just As Dangerous

If internal users represent such a huge part of data breaches, then third parties are just as dangerous. When organizations work with third parties, they need to access company information somehow. Giving them network access will create more entry points which creates more entry points available for malicious attacks. It is important to evaluate the third parties you are working with carefully and restrict their access as much as possible. 

Education Is Key 

Organizations can have a solid security strategy in place, but if their employees are not complying, your network will always be vulnerable. Securing your data and the users using the data should be a top priority. Train your employees on how to recognize and report threats, what to do to prevent them, and using/accessing data according to your company’s policy. Educating your users on how to protect your network is a huge step towards company cyber safety. 

Be Prepared 

You never really know when a threat is going to happen, so being prepared for the worst is crucial. Organizations must constantly monitor their networks for threats, analyze and fix the threats that do come through, and stay-up-date on cybersecurity best practices and trends. 

 

Fognigma’s Network Solutions 

Fognigma provides a variety of software and hardware solutions, that allows enterprises to completely secure their network connections. All solutions are wrapped in FIPS 140-2 validated, cascading AES-256 encryption. Fognigma’s network solutions include:

Fognigma VPN: A specialized VPN built providing streamlined, user-friendly access to private collaboration services, traceless Internet access, and discreet communications. 

Wicket: A portable misattribution device that connects to a Fognigma Network and protects single users and small groups, as well as IoT and other network-enabled devices. 

Gateway: A misattribution device for a headquarters environment or other facility, which provides multiple users access to multiple Fognigma Networks, over a hidden, protected network connection. 

Software, web development, programming concept. Abstract Programming language and program code on screen laptop. Laptop and icons company network . Technology process of Software development

Digital Transformation Technologies That Will Help Drive Growth

While the COVID-19 crisis led organizations to face vital challenges like the inability to visit customers, decreasing sales, and stalled productions, it also drove them to improve the ability of long-distance collaboration, recognize the importance of today’s new-aged technologies, and aid digital formats of business development and operations.

Digital transformations in organizations are imperative to build long-term resilience. Just by digitalizing traditional processes will not help organizations succeed. The focus must shift to using technologies that do things in a new, improved way that embraces digital transformation. So, what digital transformation technologies will help organizations drive growth?

Automation

With social distancing becoming the new normal, businesses must adapt by automating their operations as much as possible.  The benefits offered from automation is enhanced productivity and superior quality of products while keeping costs under control.

Additionally, adding automation to regular network tasks will enable services to minimize the involvement of its workforce in managing the network bringing down human error and enhancing efficiency and quality of services. 

digital transformation - Artificial IntelligenceArtificial Intelligence

Artificial Intelligence is skilled at identifying patterns from big data, and this aspect alone explains how it is significant in managing the current coronavirus crisis. The features AI applications have such as predictive analytics, natural language processing, speech recognition, image recognition, video analytics, and chatbots are helping healthcare workers diagnose and trace the spread of the COVID pandemic.

Besides supporting the healthcare industry, AI is helping sustain critical infrastructure industries like utilities, gas & oil, and transportation. Organization’s currently using AI can apply predictive analytics to map the real-time and historic data transmitted by IoT sensors on their equipment. This allows them to prevent failures before they occur, while also understanding the root causes of problems. AI makes processes quicker, more efficient, more secure, and safer. 

 

IoT Devices

When COVID first hit, the number of businesses that deployed IoT technologies skyrocketed. The worldwide number of IoT-connected devices is projected to increase to 41.6 billion by 2025. Organizations that leverage IoT in their business strategies will come out on top, especially in cases of remote monitoring and product and process diagnostics when in-person visits are not an option. IoT devices provide increased productivity, minimizes costs with smart asset management, provide intelligent supply chain solutions, and analytics allowing organizations to unlock new revenue opportunities and enhance their customer experience. By incorporating IoT into everyday business lives organizations can track and trace assets, equipment, tools, and people.

Advanced Analytics 

Uncertain times and competitive markets make it crucial for organizations to access the right data points and make informed decisions. By using data-analytics solutions, a business can be active and responsive to progressing situations. Advanced analytics will also allow organizations to identify risks and take action before major impacts.

Software That Allows Employees To Do Their Job Anywhere

With many organizations continuing their work from home structure, software like Fognigma, drives organization unity and security while building resilience even while remote. With Fognigma, users can create and deploy custom VPNs in minutes, complete with secured communication and collaboration solutions like video conferencing, secure file shares, VDIs, encrypted telephony, and user-specific message and file encryption for effective productivity.

Everything inside a Fognigma VPN is completely protected from observation, interception, and tracking, securing not only users but company data as well.