Authentication is an important part of working on a computer, whether logging on, opening encrypted data or using web services like PayPal. Usernames and passwords still play an important role, even if many experts advise against using passwords as the only authentication method. Even approaches to passwords have changed over time. Until recently, experts recommended choosing complex passwords using special characters, numbers and uppercase and lowercase letters. However, many professionals now consider that complex passwords are inconvenient for users, especially if they must be changed frequently. Phrases such as a quote from a book or a sentence which is relevant to the log-in context are more meaningful for users. Such phases can easily reach more than 20 characters and are nevertheless much easier to remember than complex, eight-letter combinations of letters and numbers.
A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.
NCP has been named by Security Today magazine among the 2017 winners of its coveted Government Security Awards, also known as “The Govies”. The Govies recognize new security products across a spectrum of disciplines that share a common trait – they are all fundamentally important to IT professionals working in government agencies and their private sector partners. NCP is thrilled to receive top honors for its Secure Enterprise iOS Client, which took the Platinum award in the Network Security category. This achievement further underlines NCP’s dominance in Government remote access VPN solutions having triumphed in the same Govies category on numerous previous occasions.
The research and analyst firm techconsult issued a summary of the five major security vulnerabilities in SMEs and public organizations in Germany at the start of 2017. Their annual study Security-Bilanz Deutschland reviews IT and information security based on a representative survey of more than 500 interviews in companies and non-profit organizations. The results are sadly not that surprising each year. Although the organizations surveyed are aware of the problems and have the resources to deal with them, unfortunately they either approach issues through the wrong channels, inconsistently or too late.
When it comes to security, public authorities in any country also want to represent their interests, some more intensively than others. Germany is not lacking in initiatives and organizations that want to help companies in terms of digital security. Unfortunately, the wheels of public administration can turn very slowly, such as the recently unveiled national economic protection strategy shows. In addition to the key associations BDI and DIHK, different security agencies in Germany are involved in the initiative, including the Federal Office for the Protection of the Constitution, the Federal Criminal Police and the Federal Office for Information Security. Announced in August 2013, it took nearly three years until a significant concept was presented this week. On the whole, the national economic protection strategy is not much more than brochures and explanatory films that are intended to raise awareness of security threats among SMEs – not just in the field of IT. Practical measures such as financial support for companies to hire certified security consultants or implement security projects are lacking. Raising awareness of security threats whether physical or virtual through cyberspace is never a bad thing.