The workplace today is dominated by mobile devices. Employee interaction via smartphone or tablet has become second nature. They will very likely use them to check work emails, download files containing customer information or access privileged network content remotely without a second thought. Unfortunately, accessing information in this way is inherently insecure. Whether it’s Internet snoopers at the airport, a stolen or lost device or state-sponsored surveillance company, confidential information can all too easily fall into the wrong hands. For this reason, implementing secure business communication techniques that protect the privacy of mobile data – on the device, in transit and at rest – has become essential. The answer lies in a combination of security best-practices and encryption-based technologies such as virtual private networks (VPNs).
A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.
A VPN needs both a client and remote gateway. While NCP offers a complete solution with Secure Enterprise Client and Secure Enterprise VPN Server, some manufacturers only develop their own gateways. Client software is then purchased from another company such as NCP. This type of cooperation is rare in the security sector, as the compatibility of the products is very important and may not meet all the requirements of a given scenario. This is not the case at NCP which shows that partnerships without compromise can be achieved in the security sector. NCP has been working with Juniper Networks for many years and this partnership recently reached a new level of cooperation.
People are often quick to adapt – now we don’t seem to blink an eyelid when we read news about another hacked server and the loss of a few million records of personal data. Only the most spectacular cases often attract our attention such as an attack on a high profile target like the German parliament or incidents where vast amounts of data were stolen, for example the Yahoo breach. And the bar is constantly being raised of what needs to happen to catch our attention. News which used to grab headlines throughout the media is now limited to specialist magazines or blogs. Nevertheless, companies are paying attention to such threats as a high priority. A study by PriceWaterhouseCoopers lists cybercrime as the second most reported economic crime. In the study, 32 percent of companies said they had already been victims of cybercrime and 34 percent expected an incident in their company over the next two years. Analysing the development of cybercrime in the last few years reveals interesting trends. A infographic on Bestvpn.com lists the 10 most serious incidents according to the impact or the quantity of stolen data. Although the list is based on incidents in America, the findings are impressive. Even the last place begins at 50 million data records stolen from the retailer Home Depot in 2014.
The RSA Conference (RSAC) is always a major highlight in the IT security professional calendar and this year’s show was no exception. In this blog, NCP engineering reviews some of the standout enterprise machine-to-machine (M2M), mobile client and cloud security trends to emerge from RSAC 2017. The show is also a win-win for NCP. Our strong track record with US technology partners means that NCP is well-known to US-base customers and prospects. At the same time, our experience in fulfilling Industrial Internet of Things (IIoT) or Industry 4.0 projects in Germany means we had a great deal of knowledge and insight to share with prospects in this security segment, one that is in its early stages in the United States.