The Massive Data Breach at LastPass Tied to Hack of Senior DevOps Engineer’s Home Computer; Users Urged to Change their Passwords

On the 28th of February, the password manager maker LastPass revealed that the massive data breach it encountered last November involved the compromise of a DevOps engineer’s home computer.

The breach was the result of one of the engineers forgetting to upgrade Plex on their home computer, which put a decrypted vault available to only a handful of developers into a hacker’s hands. The vault gave the threat actor control over a shared cloud-storage environment, among others, and ultimately allowed them to exfiltrate Amazon S3 vault backup encryption keys, reported The Hacker News.

Breaking Down the Breach at LastPass

Before this breach, LastPass experienced a security incident that it disclosed last August. In that incident, an unauthorised third party exploited a developer’s compromised account to steal source code and “proprietary LastPass technical information”.

On 22nd December, the password manager service detailed that the threat actor infiltrated the company’s system during the second incident by exploiting data stolen from the first incident. The backup of partially encrypted user vault information that the hacker managed to copy included passwords, website URLs, and usernames. 

“The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources,” LastPass said.

Now, in Monday’s update, the company said that even though the first incident ended on 12th August, the hacker “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” up to 26th October.

According to the company, during this time, the hacker managed to execute the second attack. 

This second intrusion singled out one of the four senior DevOps engineers with access to the corporate data vault, running keystroke-logging malware on their computer. The aim was to steal the master password as the targeted engineer entered it to access the corporate vault.

The threat actor exploited a three-year-old, now-patched security vulnerability in Plex Media Server software to gain code execution on the engineer’s computer.

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” explained LastPass officials. “The threat actor was able to capture the employee’s master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer’s LastPass corporate vault.”

Tracked as CVE-2020-5741 (CVSS score: 7.2), the vulnerability was patched by Plex in version 1.19.3.2764 released in May 2020. 

“Unfortunately, the LastPass employee never upgraded their software to activate the patch,” Plex said in a statement. “For reference, the version that addressed this exploit was roughly 75 versions ago.”

In Monday’s update, the password manager company said that the tactics, techniques, and procedures (TTPs) used to execute the first breach were different from those used in the second one, making it tough for the investigators to correlate these two incidents. 

Educating Employees on Cyber Behavior Can Help Dodge Breaches

Ensuring employees have access to essential tools and providing them with training on cyber behaviour is critical to minimising the risk of cyber threats. 

For organisations looking to develop a security culture improvement program to ensure no cybercriminal can hold sway over sensitive business information, leveraging a human risk management solution such as CultureAI is a sensible decision. 

Wrapping Up

LastPass detailed the steps it has taken as part of the company’s effort to investigate and respond to the security incident. The company also suggested its customers reset their passwords as an additional security measure.

JFrog Brings Conan 2.0 into Action to Revolutionise C/C++ Development

Earlier this March, JFrog, the leading liquid software company, reportedly brought Conan 2.0 (a major new version of the open source C/C++ package manager) into action.

With this release, JFrog is committed to helping developers reproduce artefact builds securely while speeding up product delivery at scale, reported Yahoo!Finance.

“For organisations designing applications for high-performance, embedded, and IoT use cases, Conan 2.0 gives visibility of dependencies across their entire software supply chain so they can move forward with confidence and peace of mind that their software supply chain is secure,” explained Diego Rodriguez-Losada, lead architect at JFrog and co-founder of Conan.io. “Conan 2.0 was built with and by the C/C++ community. At JFrog, we are honoured to be fuelled by open source and excited to give back this powerful version of the package and binary management.”

The beta version of Conan 2.0 was released in June 2022. JFrog released the first version of Conan in March 2018.

What Is Conan 2.0?

Featuring a new public Python API, cleaner syntax, a new graph model, and new build system integrations, Conan 2.0 facilitates the modelling of sophisticated C and C++ application dependency graphs and software binary packages.

Conan 2.0 New Features & Capabilities

This release offers an advanced enterprise-ready package management framework that brings next-gen flexibility and high-end security, offering new custom commands, public Python APIs, and multiple new extension points for app development. 

With its high-end C/C++ artefact management functionality, developers can create safe and optimal builds with significant enhancements.

The Requirement Traits, enhanced Graphs, and Package Types help developers comprehend the relationship between dependencies effortlessly. JFrog claims this feature will allow developers to reuse binaries efficiently.

By incorporating new tools, the Conan 2.0 release can enable seamless and continuous integration for large and involved C/C++ projects.

Lastly, lockfiles allow users to ‘pin down’ all types of software dependencies and tap into better security and scalability. This release provides companies with a solid framework for reproducing builds and accelerating CI/CD pipelines without compromising agility. 

Conan is a fully decentralised dependency manager that allows developers to encapsulate all artefacts of a C/C++ project while also helping distribute and consume them in other projects. Users can store these project artefacts as a Conan Package that can be searched and accessed via the central repository called Conan Center.

Brief Overview of the JFrog Platform

The JFrog platform helps automate, orchestrate and attest to the integrity of a user’s pipeline across on-prem, self-managed and cloud environments.

Enabling 50+ tech integrations, this leading software supply chain platform ensures an effortless and accelerated software development pipeline.

For organisations looking to evaluate or optimise their JFrog products, investing in a JFrog software partner like Automation Consultants is a sensible business decision. 

A high-end JFrog licensing service helps save time and money on procurement while ensuring simplified software management.

Wrapping Up

In its recent Software Artefact State of the Union report, JFrog shed light on the fast adoption of the new release of Conan among companies dealing with designing IoT, embedded, and edge applications. JFrog registered a 5.2X increase in Conan 2.0 users last year.

Can Artificial Intelligence Carry Out Penetration Tests Without Human Intervention?

Penetration testing, or pen testing, is part of any business’s cybersecurity arsenal. It helps organisations identify ways in which threat actors could exploit the weaknesses in their IT infrastructure.

Once identified, these vulnerabilities can be patched or mitigation plans put in place.

However, with artificial intelligence (AI) being used by cybercriminals to create malware, one might wonder if the reverse could be true as well.

That is, could AI help bolster cybersecurity?

The thing is, pen testing requires a human. But, we’ve seen how ChatGPT interacts with people. Could the chatbot also make decisions like a person to “attack” a system to find out how secure it is?

What Is Pen Testing and How Is it Different From Vulnerability Scanning?

A strong cybersecurity stance requires active as well as passive measures. Passive security is taken care of by firewalls and antivirus software. 

Active security, on the other hand, requires the business to constantly assess its systems for weaknesses. Any that are found can then be fixed.

Two of the active measures for cybersecurity are pen testing and vulnerability scanning.

Pen testing is undertaken by a skilled ethical hacker. The person—actively and creatively—tests the organisation’s network, application, and endpoints. If they find any exploitable vulnerabilities, they carry out attacks to see how successful they are.

In short, they simulate what an actual hacker would do if they were trying to attack the business.

Vulnerability scans, on the other hand, are automated. They simply help the business identify potential issues. These scans don’t offer any insights into how the weaknesses could be exploited.

They will, however, rank the identified vulnerabilities in terms of priority. Because a scan cannot determine how a hacker would use a weakness, it is up to humans to decide whether a vulnerability needs remediation and mitigation.

So, Can AI Be Used for Penetration Testing?

The thing is, AI can be a handy tool in the quest for cybersecurity. It uses big data and machine learning (ML) to understand regular traffic patterns. 

Then, armed with this information, it can identify “abnormal” behaviour.

The best part is, AI can process vast quantities of incoming information in a matter of seconds. It would take a human several hours—even days—to go through such quantities of data.

That makes AI perfect for adaptive cybersecurity, where it can block users based on their behaviour.

What AI Can Do for Cybersecurity

It can also be very effective at vulnerability scanning, where it can spot and flag problems in code, systems, and networks.

It may also offer cybersecurity support. For example, it could be used for source code analysis. AI could scan the code and identify potential flaws that could be exploited.

It may also be used for brute force attack testing by, say, generating potential passwords and entering them.

It might also be possible to teach AI how to exploit a list of weaknesses and use them in a simulated cyber attack. Businesses could also use AI for quicker detection and response if they are attacked.

What it might not be able to do is creatively identify vulnerabilities that it hasn’t been “taught”. Since penetration testing does require some creativity, AI might not be as effective at pen testing as a person…yet.

For now, we need to rely on penetration testing services of reliable providers like DigitalXRAID.

Having a strong cybersecurity posture is essential for any business. Without it, threat actors could have a field day with even the tiniest vulnerability. By being proactive, one can reduce the attack surface as well as the amount of damage threat actors could do.

Yoti Achieves iBeta ISO PAD Level 2 with 100% Detection Rate: Aims to Strengthen Customer Safety

MyFace®, Yoti’s proprietary passive liveness software, has been declared fully compliant with ISO/IEC 30107-3. The confirmation came after the product successfully passed a presentation attack detection (PAD) iBeta Level 2 audit with zero attacks getting through, reported Biometric Update.

“We’re very proud that our proprietary liveness technology MyFace has achieved iBeta ISO PAD Level 2,” said Paco Garcia, CTO at Yoti. “It’s a huge achievement for the team, and this milestone demonstrates our commitment to delivering very high standards of security solutions.”

Liveness Check Is Critical for Dodging Spoofing Attacks

With the increasing use of various authentication systems, including biometrics, the risk of “spoofing” attacks is climbing. 

As a result, businesses need to invest in robust technologies as part of a mix of tools to protect users against spoofing attacks while also ensuring a fast verification process. 

As part of the digital ID verification/authentication process, liveness uses motion detection, biometric faceprint add, and face-matching algorithms to affirm that a person is who they claim to be.

Commonly used with other authentication factors, MyFace® locks out bad actors so they cannot spoof real users. 

Unlike facial recognition, liveness does not identify a person by checking their face against records stored in a database. Rather, it’s designed to ensure that the person being verified is a real human.

And unlike active liveness, passive liveness ensures a frictionless user experience and accelerated customer verification process leading to a reduced drop-off rate.

MyFace®: Yoti’s Proprietary Passive Liveness Technology

Built on passive liveness technology, Yoti MyFace® uses a selfie image to catch presentation attacks, requiring no action from the user to prove their “liveness” (like head or hand movements). 

Upon capturing the selfie, the software evaluates whether the face is of a live, real human. It does so by processing the selfie of the user through a series of deep neural networks.

MyFace® ensures a highly accurate and reliable user liveness check by measuring performance in terms of success rates, true positives, false positives, and completion times.

By enabling immediate feedback, ease of use, and ease of access, Yoti’s passive liveness significantly boosts success rates.

“Businesses around the world can use our passive liveness and world-leading facial age estimation to keep their customers safe online,” says Yoti CEO Robin Tombs.

“Naturally, being Yoti, we have tested MyFace® for bias, and the model displays very low bias across age, gender, and skin tone.”

MyFace® Achieving iBeta NIST Level 2

Since passing NIST Level 1 with a 100% attack detection rate in February 2022, Yoti has been upgrading its technology to achieve Level 2 certification. 

Achieving level 1 certification requires a liveness solution to track down each attack and limit false negatives to less than 15%.

Nine-hundred attacks were simulated to test Yoti’s proposed MyFace® which showed zero false positives.

On the other hand, ISO/IEC 30107-3 Level 2 involves testing liveness systems against more sophisticated and specialised attacks such as deepfakes, 3D-printed artefacts, or resin or latex face masks. 

To achieve NIST Level 2 certification, a liveness service must detect 99% of attacks while restricting false negatives to below 15%.

In February 2023, MyFace® passed the presentation attack detection (PAD) iBeta Level 2 audit with a perfect 100% attack detection rate.

It means that MyFace® can restrict kids from accessing online content using latex masks of adults while also blocking bot attacks.

ObvioHealth to Conduct Decentralised Clinical Trial on Mi-Helper Device: Treatment of Migraines Expected to be Facilitated

On March 16th, Mi-Helper, Inc. and ObvioHealth reportedly announced a collaboration to carry out a decentralised clinical trial (DCT) in order to analyse the effectiveness of a non-invasive neuromodulation (nVNS) device.

This nVNS device, called Mi-Helper, is expected to facilitate the treatment of migraines.

According to NeuroNews, the device will be used for a randomised, controlled, and fully remote clinical trial where patients with migraine issues will be able to record essential data from the comfort of their homes.

The partnership will ensure a cost-effective and accessible remedy for this debilitating neurological condition that affects around one billion people across the globe.

Migraines: a Quick Overview

Migraines are described as mild to severe headaches that cause intense, throbbing pain. The burden and prevalence of self-reported migraine and severe headaches in the adult population in the USA are high, affecting more than 39 million Americans, according to Migraine Research Foundation.

In addition, roughly one in every seven adults in the U.S. suffers from migraines. The economic costs of migraine-based diseases were evaluated to be USD 36B in 2016, taking into account factors such as loss of productivity (i.e., inability to work) and medical costs, according to the NIH.

On top of that, in a recent study published in AANP, more than 40% of migraine patients reported dissatisfaction with existing treatments because of precautions, tolerability issues, lack of efficacy, or contraindications between medications.

The Collaboration will Facilitate Migraine Treatment

With the partnership, both companies expect to devise a more targeted, effective, and non-drug pain management system for people suffering from migraines.

A small, non-invasive therapy device, the Mi-Helper delivers an on-demand stream of conditioned air intermixed with nebulised mist to the mucosa membranes in the nose to help recover from migraine pain and related symptoms, for instance, photosensitivity and nausea.

“We are working with the top headache neurologists in the world to inform our clinical studies,” said Steve Schaefer, CEO of Mi-Helper. “And, we are committed to delivering a paradigm shift for migraine treatment—fast, accessible, and affordable relief for this highly complex and debilitating neurological disease.” 

With the partnership, both companies are committed to increasing diversity in the trial by enrolling the underrepresented social, racial, and ethnic minority groups from all over the continental United States. 

“Mi-Helper and ObvioHealth are dedicated to inclusivity,” said Ivan Jarry, CEO of ObvioHealth. “By designing a decentralised clinical trial without the need for physical site visits, we can recruit patients anywhere in the continental United States, including underserved communities. This will provide Mi-Helper with essential data on a real-world population in a real-world setting and should help to ensure that the device, when launched, can serve a broad population.”

Featuring a DCT-based adaptive design, the study is expected to start enrolling participants this summer.

The ObvioGo app, which will be used for conducting the remote study, is expected to improve patient centricity in the trial by allowing patients to participate, consent and document any critical conditions remotely.

ObvioHealth has confirmed that its experienced COACH team will ensure remote and real-time monitoring of patient safety and compliance.

Governance and Uses of AI: Using ChatGPT-4 in MVP Development

On the 29th of March, the British government released a white paper to “guide the use of artificial intelligence in the UK, to drive responsible innovation and maintain public trust in this revolutionary technology”.

In this white paper, the government has outlined five principles that should be considered by regulators “to best facilitate the safe and innovative use of AI in the industries they monitor”.

The five principles are:

  • Safety, security, and robustness
  • Transparency and explainability
  • Fairness
  • Accountability and governance
  • Contestability and redress

There is also a plan for a £2 million sandbox which will help businesses test out AI rules before they go out into the market.

The use of AI has steadily increased over the last few years, with the technology becoming more mainstream since the public launch of ChatGPT.

What Is ChatGPT?

ChatGPT, the really smart chatbot created by OpenAI, has caught the public’s attention because of its natural language processing capabilities that allow it to converse with people like a human.

Some people think it will replace search engines—no more wading through a list of pages to find the answer. Others, on the contrary, worry it might “steal jobs”.

However, since it’s here to stay, experts are exploring ways of using it. And, according to The Recursive, ChatGPT-4 can be especially useful in the development of MVPs.

Using ChatGPT for MVP Development

MVPs, or minimum viable products, are a no-frills version of a digital product. An MVP is complete and has all the features that are necessary for proof of concept. However, it doesn’t include any additional nice-to-have features.

One can get MVP and software app-building services from businesses that specialise in this type of development, like Luminos Software. This company in particular will be the first to emphasise that designing an MVP is not just about coming up with the idea and rushing to build it.

To design a successful MVP, which can then be developed into a successful product, one needs to have completed market research to see if there is a need for it at all. There also needs to be a detailed roadmap, where the important features are listed and prioritised.

And, according to The Recursive, the planning stage of MVP development can be made easier with ChatGPT.

Market Research

Whilst the chatbot cannot go and interview people (not yet, anyway) for market research, what it can do is scour through search engine result pages. It can look at the search queries people are using and the results they are generating.

This information can be used by startups to gain valuable insight into what their customers are looking for and what the market needs.

Financial Decisions

Startups can use ChatGPT as an autonomous business consultant to develop a narrative for potential investors. The tool has access to a vast amount of data that it can use to generate insights. 

These can help in creating accurate budgets, resource allocation, and investment decisions.

Idea Validation

The ChatGPT chatbot has been quite handy in helping people refine ideas because one can use it as a sounding board. It has access to the information available on the internet, as long as that information was published online before September 2021.

It can carry out a discussion, offer suggestions, and come up with solutions. That can be beneficial to the process of verifying concepts and developing ideas.

The tool can also be utilised for prototyping, where it may run user testing, recommend improvements, and simulate new products.

Better and Cheaper Decision Making

Thanks to its access to vast amounts of data and its processing power, ChatGPT-4 has made decision-making simpler and cheaper. It can automate certain tasks and sift through data in a shorter amount of time than a human can.

That is not to say that it can replace developers. One would still need trained professionals to build their MVP. 

However, with AI, a lot of the planning can be done quickly and easily, without using up a big part of the initial funding on prep work.

Originally published in Geeky News

Microsoft Teams Now Empowering Users to Edit Excel Spreadsheets in Real-time; User Productivity Expected to Improve

The software giant Microsoft is reportedly bringing Excel directly into Teams. With the new update, multiple users can collaborate in real-time on a single spreadsheet through Excel Live while in a Teams meeting.

The new Excel Live version will allow users to make edits or update data during a Teams call, and the changes will be reflected in the spreadsheet in real-time, according to TechRadar.

“Until now, sharing spreadsheets within a Microsoft Teams meeting has been a fairly one-sided experience. You share your screen, and everyone else watches while you navigate through the workbook and update the content. But what if your group could use that meeting time more efficiently to get the work done together? Building on what we’ve learned and the evolving needs of today’s workplace, we’ve created an enhanced collaboration solution for working on Microsoft Excel workbooks—Excel Live—empowering your group to collaborate in real-time within your Teams meetings,” explained a member from Microsoft’s Tech Community.

Excel Live in Teams

Excel Live is built on top of the Live Share feature of Microsoft, described by the company at its Build 2022 developer conference.

Previously, meeting attendees were required to open Excel documents and share their screens. However, this process creates conflict, thus negatively impacting users’ productivity.

The new update of Excel Live will allow owners to choose the workbook file they want to share with others and edit directly while on a Teams call. Upon sharing the file, they can grant editing permission to specific meeting attendees or allow all participants to edit the workbook from the Teams meeting interface.

Microsoft expects the new update of Excel Live will make collaboration on Teams meetings seamless, delivering a frictionless co-working experience. 

In addition, by enabling users to co-edit Excel spreadsheets right from within the meeting window, this new Teams feature will eliminate the need to switch between multiple windows, thus saving time in consolidating content after the call.

The new update has a scheduled rollout date of April 2023 and will be available on PC, iOS, and Android devices. 

Microsoft Striving to Fortify Customer Experience

Microsoft has been working on updating Excel and Teams as part of its effort to fortify customer experience. 

For example, it has recently added a new “@mentions” expansion which is expected to enable users to tag their co-workers, both within their company and outside. 

On top of that, by releasing the spreadsheet software update last year, Microsoft has rectified an obvious drawback dating back several years: Excel users can now drop hyperlinks into comments added to spreadsheets.

To make presentations more accessible, Microsoft has recently introduced the Closed Captions feature with PowerPoint Live for Teams meetings. 

Moreover, Microsoft is poised to give Excel a deep AI boost by bringing out an assistive AI system, FLAME AI. An AI developed for Excel-specific tasks, FLAME is expected to make automation in the Excel app more efficient.

Excel charts have now become the go-to choice for many when it comes to making a large volume of datasets easily comprehensible. By recapitulating massive troves of data in visual form, Excel charts help professionals assess key trends, evaluate key values at a glance, and more. 

However, despite releasing a number of updates, the built-in Excel charts and graphs are still overwhelming to work with. 

For example, formatting functionalities are limited with some types of Excel charts, which makes the process of creating professional-looking PowerPoint presentations arduous and time-consuming.

For professionals who are often required to make PowerPoint presentations with great-looking charts, investing in high-quality add-ins such as think-cell is a sensible decision.

With less formatting and fewer clicks, PowerPoint add-ins enable users to create charts directly in PowerPoint, thus significantly saving working hours. 

Wrapping Up

Microsoft expects the new Excel Live feature in Teams will allow users to collaboratively edit Excel spreadsheets while making file sharing in meetings more seamless than ever before.

How AI and Cloud-Based Filmmaking Could Redefine the Way Videos & Films Are Made

Social media users and visitors on image and meme-sharing sites must have seen the image of the pope in a fancy jacket that’s been doing the rounds. The image is fake, of course. It was created by the artificial intelligence (AI) image generator, Midjourney.

The platform has since discontinued its free trial, citing “extraordinary demand and trial abuse” as the reason.

The thing is, AI–generated images are not the only thing taking the content world by storm. AI and the cloud are also changing the way videos are being made and edited.

In an article by Forbes, the author discusses how film and TV show production is being transformed by AI and camera-to-cloud technology.

Using AI in Film Production

AI technology has been used to change the appearance of actors, going as far as to make them look younger. This can be seen in the Miramax feature, Here, starring Tom Hanks and Robin Wright. Both actors start as younger versions of themselves and age through the course of the film.

For agencies, this can be a good thing as their best-selling actors can be made to “last longer” and be suitable for a larger variety of roles. 

However, creatives are insisting that technology can only support human creativity, not replace it.

AI can be very useful for sifting through information that might be tedious for humans to go through—like finding a scene from a longer piece of footage. This feature then frees up human creators to focus on other, less “automatable” tasks.

Camera-to-Cloud in Film Production

Michael Cioni, Adobe’s senior director of global innovation, claims that by 2030, all electronic assets in the media and entertainment industry would be “generated in the cloud, by the cloud.”

According to Cioni, edits and effects would be added to pre-shot scenes simply by telling the computer to do so, using text-based commands. For example, he said, one could shoot a scene and then add rain to it simply by typing “make it rain”.

Filmmakers would be able to create a rough “assembly” with basic visual effects, colour correction, and sound design. That would then be passed on to specialists to be refined.

Cloud-based filmmaking would also mean directors could collaborate with each other, even when they aren’t in the same physical location. It could also speed up short projects like music videos and advertisements.

In short, AI and cloud-based tools are being touted as a way to enhance productivity by delegating mundane tasks to them.

Legal Implications of AI in Filmmaking

However, lawyers are advising that contracts with “language that purports to control the right to simulate an actor’s performance are void and unenforceable until the terms have been negotiated with the union.”

This fact can be quite divisive as some actors might want to take advantage of technology to extend their “viability”. However, there is a concern that it might be used as a way to avoid paying for digital performances since they technically aren’t being played by the artist.

Content generation using AI has led to an authenticity concern, especially with deep fakes that seem extremely realistic.

Actor Keanu Reeves, who has been quoted as saying he finds the idea of deep fakes “scary”, often has a clause in his contracts that forbids digital manipulation of his performance. Interestingly, this clause dates back several years (decades, even) to when a production added a virtual tear on his face.

According to the actor, any performer might expect the footage to be edited with their consent. However, deep fake is different, as it has no input from the performer.

Of course, this technology is still mostly limited to films and television productions. Corporate videos still require the services of video production companies, like Bold Content. (Check out Bold Content’s contribution to encourage girls into STEM studies.)

However, with AI taking over so many tasks, it remains to be seen whether it will help enhance filmmaking or “take away jobs” in yet another industry.

Originally published in Geeky News

Categories
Computers & Software Professional Services Technology World

Help Net Security Discusses How Passive Cybersecurity Awareness Training Might Not Be Enough Anymore

An article on Help Net Security claims that the era of passive cybersecurity training is over. The article discusses how, despite people realising the need for improved cybersecurity, there are still vulnerabilities that leave businesses exposed to cyber threats.

The aforementioned statement is based on the key findings of a survey conducted by Action1. These are presented here:

Breaches Due to Known Vulnerabilities

The survey found that 10% of the respondents had suffered from a cyber attack in the past year. Of those, 47% were through known security vulnerabilities.

49% of the respondents said phishing was the most common attack vector, and over half (54%) reported they lost control of their data due to ransomware attacks.

Lack of Support from Executive Teams

Several IT teams reported that they didn’t receive adequate support for cybersecurity initiatives from upper management. That, according to them, has been a critical threat to the business’s cybersecurity posture.

The teams also reported that they often were too busy with operational issues to be able to adequately take care of cybersecurity.

Inadequate Response Time and Remediation Efforts

According to the respondents, the time taken to identify vulnerabilities, failure to prioritise security issues, and the delays in remediating known vulnerabilities might cost their companies in security breaches.

Not Enough Cybersecurity Awareness Amongst Employees

The survey reported that employees need more time to improve their cybersecurity awareness. That means organisations are more at risk through phishing and other cyber attacks.

Based on these findings, what can businesses do to reduce their risk of cyber threats?

Manage Security Vulnerabilities Better

Since known vulnerabilities are often the ones exploited by threat actors, it is essential for businesses to manage and patch these flaws as soon as possible.

Use Automation to Reduce Cybersecurity Costs

Executive teams might not see any direct benefits of spending on cybersecurity, even though a cyber attack can end up costing the business a lot. However, IT security teams can use automation to lower their costs. This can be useful in arguing their case for a stronger cybersecurity posture.

Improving Cybersecurity Awareness

Since any cybersecurity strategy is only as strong as its weakest link—the employees—it is imperative that they are educated on the threats they might face and how to tackle them.

Communication channels are the preferred mode of social engineering attacks. Data stolen from other sources can be used to customise messages to make them more personalised and appear trustworthy.

With such attacks on the rise, employees should be equipped not only to identify phishing attacks but also to understand the importance of verifying before trusting.

Moreover, threat actors are now also using AI to generate malware, which, depending on how it’s used, might be more sophisticated than the average, run-of-the-mill computer virus.

In other words, businesses need to reduce their reliance on passive cybersecurity training.

Luckily, instead of a six-hour training session, which will be forgotten within the week, there are tools to help with ongoing training and monitoring. One such tool is CultureAI—a platform that helps “improve cybersecurity behaviours and reduce security incidents caused by employees”. 

The platform offers human risk monitoring, security awareness coaching, employee security empowerment, and human risk response.

This platform can help alleviate some of the problems faced by businesses, such as poor cybersecurity awareness among employees, lack of knowledge on how to deal with potential risks, and uncertainty over what to do when an employee is at risk.

Categories
Computers & Software Professional Services Technology

Can Digital Transformation Make the Life Insurance Industry More Empathetic?

Life insurance is one of those things that regular people don’t fully understand. Calculating premiums is a complex task that takes various factors into account. Then there are different types of life insurance policies, which makes it difficult for someone to choose between them. Then there are the anecdotal reports of people not getting a payout because they didn’t have enough coverage.

The thing is, if the beneficiary is making a claim on a life insurance policy due to the death of the policyholder, it’s already a sensitive time for them. If they are told they are not eligible for a payout at that time, it can affect their perception of the company.

And, it will definitely affect how other people close to them view the insurance company.

At the same time, insurance companies have to follow rules as well. They have to ensure that the terms of the policy are being met. 

This conundrum has led to people not trusting insurance companies and “keeping their distance”.

However, there is an unlikely mediator who could help the industry build a better relationship with customers.

The Use of Technology in the Insurance Business

This author has already discussed the benefits of the insurance industry using AI to deliver a better experience to customers. However, digital transformation can be used to improve user experience across the board for all customers.

In fact, insurance software provider Zinnia has said that life insurance quoting software products are not the only way to keep customers happy.

The key is to provide great customer service throughout the process.

The best part is, technology can also make insurance companies show more empathy to clients. 

However, building a relationship starts much earlier than that stage, so here’s how technology can make life easier for customers.

Demystifying the Onboarding Process

This article touched upon how the initial stages of purchasing a life insurance policy are so complicated that they put people off. 

Technology is already making this phase easier through automation.

Insurance companies are leveraging technology to allow potential customers to register themselves quickly and easily. They no longer need to navigate through complex options.

Optimising Customer Communications

With the rise of AI chatbots, insurance companies no longer need humans manning phones. Well, they do, but a vast majority of queries can be answered using automated responses.

In fact, if companies invest in consolidating their customer data, the customer can communicate with the company through any channel of their choice without it being disjointed.

Technology can also be harnessed to customise the user’s profile so they get marketing communications tailored to their needs. That means they get offers and promotions that are relevant to them, and not what they’d consider spam.

Humanising Payouts

As mentioned earlier, when beneficiaries make a claim on a life insurance policy, they are already going through a difficult time. The post-death processes of a loved one can take an average of 420 hours across months.

It makes no sense to make them jump through hoops when they and their families are already grieving.

Using technology, companies have made it easier for claimants to file claims digitally. Others are going the extra mile by using technology to provide support to grieving families. These include grief counselling, funeral assistance, and logistical as well as emotional support.

The Tech–Human Balance

Whilst technology can be an excellent tool, it can never replace the human touch. Insurance companies can use automation and AI to streamline their processes, but empathy has to come from the people. 

However, digital transformation can be very useful in making the lives of their customers easier. That, in turn, will help mitigate some of the “bad press” the insurance business gets. And, eventually, it might even help these companies build stronger relationships with their customers.