OVUM Report Highlights NCP’s Secure Remote Access Technology and Expansion into IoT and IIoT

We recently briefed Rik Turner, Principal Analyst of Infrastructure Solutions at OVUM Consulting, on our VPN client software (IPsec and SSL), VPN gateways, central management consoles and personal firewall product, Net Guard. Given our extensive experience in the manufacturing and process industries, we discussed the expansion of NCP technology into the Internet of Things and the Industrial Internet of Things.

Does Bringing an ’Ethical Hacker’ In House Pay Off?

A study last year estimated that the global losses from cybercrime ranged from $375 to $575 billion – for just 2014 alone. This figure is only expected to get higher with each passing year as cybercriminals become more sophisticated, and their ranks grow with more opportunistic hackers looking to cash in on an increasingly lucrative trend. Given that, it’s easy to see how and why panic among both enterprises and SMBs might start to set in. What’s most troubling about the cybercrime phenomenon is not only the amount of money or information that could be stolen, but how much businesses need to spend just to protect themselves. Adequate cybersecurity protocols aren’t free, and even when a company has put expensive measures into place, there is no guarantee that they will catch every single potential threat – all it takes is just one malicious email, or one spear-phishing attempt, to make it through, after all. One innovative method that businesses have explored is employing an in-house “ethical hacker” to identify potential security risks and patch them ahead of time. Essentially, these personnel are former hackers who may have used their skill sets for illicit means – stealing bank account information, breaking into corporate databases, committing identity fraud – but are now being turned legitimate by companies looking to take advantage of their skills for more beneficial purposes. Instead of hacking into the enterprise’s systems to steal something, these ethical hackers instead hack into the company’s systems to exploit certain cybersecurity vulnerabilities, essentially attempting to beat the bad guys to the punch. Once they have identified a company’s major security flaws,...

The Lessons of Cybersecurity Awareness Month and What to Expect in the Year Ahead

For 11 years now, the U.S. government has recognized October as Cybersecurity Awareness Month. While the original goal may have been to acknowledge the growing risks that cyberthreats pose to national security, it has – unfortunately – become all too clear in recent years that cybersecurity is an issue that affects not just government agencies, but anyone and everyone, regardless of industry. Consider how, in the last few years, claims of identity theft and tax fraud have skyrocketed, targeted data breaches at major companies – from big banks to retailers to healthcare providers – are compromising millions of records containing personally identifiable information (PII) and the IT departments responsible for safeguarding against these risks seem virtually powerless. And with businesses progressively moving their operations online – shifting email, files and other data into single-vendor cloud platforms like Microsoft Office 365 or Google Apps – these risks and their ripple effects will only continue to grow. As our lives become increasingly digital and interconnected, implementing proper cybersecurity and staying one step ahead of new threats will only become more important. To that end, and as Cybersecurity Awareness Month winds down, here are a few cyber risks you should put on your radar to protect yourself and your data in 2016: 1. BYOD Workplace Policies Bring Your Own Device (BYOD) policies may allow employees the freedom to use their own familiar phones, tablets or laptops for work purposes. But, it also presents a glaring security flaw when you consider that 43 percent of smartphone users in the U.S. don’t use any kind of password, PIN or pattern lock protection – let...

How One Challenging Gig with My Band Prepared Me for a Career in Cybersecurity

Sometimes, connections between work and play appear when they’re least expected. You wouldn’t expect, for example, a guitar-shredding metal-head to carry over much from his time on stage to his career in cybersecurity, but that’s exactly what happened to Julian Weinberger, CISSP and Director of Systems Engineering for NCP engineering. Julian isn’t performing in the U.S. anymore, but during his time in Germany, one gig in particular brought so many challenges that he still thinks about it today. We sat down with Julian to discuss what happened that night. What specific event involving your band has taught you the most about working in security and business continuity? A few years ago, after hustling to line up free gigs, I landed my first paid performance. Unfortunately, I ran into myriad unanticipated issues: a string on my first guitar broke, my backup guitar didn’t work, my cable made weird noises, and, as if that wasn’t enough, my in-ear system stopped working. Although none of these issues were my fault, they wreaked havoc on the gig – and when you’re hired to entertain, you risk not being paid if you’re unable to deliver, regardless of the circumstances. It’s similar with enterprise network security. If things break — and they will — you need to be prepared with a plan to fix it. So how did you respond on stage? And what did that teach you about security? When performing on stage, technical difficulties must be fixed within seconds, and it’s the same case with security. For instance, if your microphone cuts out – or worse, your organization is faced with security issues...

OPM Breach Shows Need for ‘Nimble’ Government Network Security

No matter how you look at it, the Office of Personnel Management (OPM) is on the hook for revealing the records of millions of Americans. The only question is how many millions. If you believe the agency’s own report, then it’s 4 million. Four million current, former and prospective government employees whose personal information became public following a cyberattack conducted throughout the early part of this year. The numbers are even worse if the reports from the Associated Press, Bloomberg and other prominent news sources are accurate. They claim the number of victims is closer to 14 million. Although the OPM investigation is still ongoing, the federal government has already begun the task of investigating and explaining the attack. As White House Press Secretary Josh Earnest told reporters last week: “Protecting the computer networks of the federal government is a daunting challenge. It does require the federal government to be nimble, something that’s difficult when you’re talking about an organization that’s this large.” Earnest is right. When you’re talking about the federal government as one body, it’s difficult to imagine it being fleet-of-foot and responding effectively to new and emerging cyberthreats. On a smaller scale, though, there are plenty of government agencies, at all levels, that are getting the job done locally, and taking proactive steps that should prevent them from becoming the next OPM. Let’s look at one government agency in Iowa that’s upgraded its remote access and, in the process, is protecting its network. Read Case Study Lessons from the Heartland Iowa Vocational Rehabilitation Services (IVRS) is a state agency, headquartered in Des Moines, that partners with...

IT Security? “Yes Please,” says Uncle Sam – But Offers No Tangible Help

When it comes to IT security, government agencies around the world are aware of the challenges and risks small and medium-sized enterprises (SMEs) face. So it only figures that they offer help, in the form of initiatives aimed specifically at SMEs. Germany has one of the most active administrations in this respect, as it finances or supports a whopping 21 initiatives. And while the U.S. government would do well to follow Germany’s lead and further IT security by offering numerous assistance programs to SMEs, unfortunately, a recent study from management consultancy Detecon International shows that most U.S. initiatives are focused on admonitory finger-wagging rather than hands-on help with implementation. Yet, hands-on help is exactly the type of assistance that would have the biggest impact on raising the security level of SMEs. Most German public initiatives prioritize awareness of the issue at the upper management level. However, only a small part of the surveyed initiatives – 35 percent – can be mapped to concrete measures within the Federal Office for Information Security (BSI) IT baseline protection catalogs. Furthermore, 36 of 56 assistance programs analyzed lack a concrete goal with achievable benchmarks for success. Instead, they focus on information security as a whole and therefore try to pursue many targets at once, with a shotgun, light-handed effect. Naturally, IT security has to be approached holistically. There is no use securing remote access for employees with a VPN when a company’s Wi-Fi network is open and therefore accessible from outside the enterprise. But because SMEs have usually only limited resources at their disposal, it is important to prioritize and focus on the...