Tag Archive: malware

  1. Facial Recognition & Cybersecurity

    Comments Off on Facial Recognition & Cybersecurity

    Human beings are uniquely adept at recognizing faces and interpreting facial expressions. The average person is capable of remembering and recognizing over 5,000 unique faces instantly. We’re so good at it that we can immediately spot a familiar person up to 50 yards away. For a machine to step up to the task of recognizing faces that quickly and reliably would be quite a feat of engineering. But, of course, facial recognition technology (FR) has made some critical leaps forward in recent years.

    For FR to work, it has to go through a process of capturing images, extracting key feature markers, comparing these to a database, and performing a match search. At present, facial recognition security assets require that a would-be entrant present his or her face to the scanner, hold still for a moment, and try not to visibly emote. This kind of tech can help harden an access point against unauthorized entrants- but the limitations of the system make it easy for clever hackers to defeat.

    Here at Integrated Axis Technology Group in Arizona, our goal is to help you get the most out of any security technology you choose to deploy. At present, recognizing the cybersecurity risks of Facial Recognition is critical.

    The Risks of Facial Recognition Technology

    The best FR tech performs Capture, Extraction, Comparison, and Matching very quickly. But for an intruder who understands how the machine works, defeating the system is still possible. There is also a list of known methods to beat FR cameras. They include, but are not limited to;

    • Camera finders: detect FR cameras so they can be avoided
    • NIR LEDs: use bright lights to disrupt FR scans
    • Reflective accessories: blind camera sensors
    • Prosthetic masks: realistic masks that can trick FR cameras
    • Hair and makeup: obscure and alter facial features without looking suspicious

    FR Hacking

    For the time being, all of these methods allow people to escape detection. But only one can actually fool an FR scanner in order to gain access to a restricted location, the prosthetic mask. While these items are expensive, it is possible for a criminal to obtain them, and they easily fool most FR systems. Of course, privacy is always a concern. By making your face your key and password, that means anyone who manages to obtain a prosthetic copy of your face gains access. In a world where FR is ubiquitous, a rise in prosthetic mask crime is a predictable outcome.

    Reliability

    Automakers have begun experimenting with FR tech as a means for drivers to access their vehicles. Models that are currently in testing have a high rate of success, about 97%. But these devices succeed at lower rates recognizing women due to makeup and hair changes, and people with dark skin, which absorbs much of the light FR systems need to work.

    Privacy

    Of course, placing FR cameras anywhere poses a privacy threat to anyone who walks by them. With these concerns on the rise, we can expect to see changes to legislation regulating these devices in the near future.

    Here at Integrated Axis, our goal is to help companies in Tucson and Phoenix, Arizona cope with and overcome these risks. Our integrated It services are designed to keep you ahead of the competition- especially in areas where keeping up with bleeding-edge technology is key to remaining competitive in your industry.

  2. Business Tech: Combating Cybersecurity Risks Associated with Mobile Devices

    Comments Off on Business Tech: Combating Cybersecurity Risks Associated with Mobile Devices

    Cybersecurity is a top priority for most businesses. We recognize that owning a small or medium-sized business doesn’t protect you from hackers. In fact, they increasingly target smaller businesses because the security efforts are often much easier to get past than the larger enterprises. You have to be concerned about the rising instances of ransomware and other cybersecurity attacks. Companies today are finding that securing their own network is only part of the strategy. Unfortunately, their employee’s mobile devices also increase their risk of exposure.

    The Rise of Bring Your Own Device Culture

    Not long ago, companies were widely using a strategy that advised that none of their employees could access the network from private devices. Employees had to be on-site in order to work with documents or access the database. Today, that’s largely impractical. Employees are increasingly mobile. They access their email and log into cloud platforms from their mobile devices regularly. Disallowing this practice might severely hamper your ability to stay competitive. Not allowing personal devices is a mistake. Instead, develop a Mobile Device Policy that your employees need to follow.

    Developing a policy for your employees where cybersecurity and mobile devices are concerned is the best line of defense. This allows your employees to use the latest technology to increase productivity and improve customer service. At the same time, you’re mitigating the risks caused by devices that are not overseen by your IT team.

    Things to Consider in Your Strategy

    When developing a strategy for devices, here are a few things to consider:

    • Mobile Apps. One of the key ways that mobile devices pose a security risk is through apps that are not safe or unvetted. There are a million mobile apps available for every type of task. The best way to make sure that your employees aren’t using apps that pose is risk is by developing a list of acceptable apps.
    • Educate Your Employees. Risks through mobile devices are only getting higher. More attacks are focused on the mobile user because hackers know that people are less vigilant when they use their phone, and they use their phones far more often than other devices.
    • Don’t Use Links in Email. Users are far more likely to fall for phishing scams through mobile devices. It’s easier to detect a scam email on a larger screen.
    • Mandate Authorization. Password or facial recognition authorization should be used on all mobile devices where employees access business documentation. This is a good practice in general.

    Integrated Axis Can Help Your Team with Cyber Threats in 2020

    If you’re looking for additional help with your cybersecurity strategy, contact Integrated Axis today. Our experienced staff can assess your business and help you build the best cybersecurity process to mitigate risks.

  3. 5G and Cybersecurity Implications

    Comments Off on 5G and Cybersecurity Implications

    Cellular service has always been about speed, even from the very beginning. The lower the call drop rate, and the more dependable the connection, the better a carrier fares. As mobile phones have moved away from calling functions to become mobile computers, speed definitely matters. 5G, the common shorthand for “Fifth Generation Cellular Wireless” is the latest breakthrough in cell phone speed, but it’s more complicated than you might think.

    What is 5G?

    Strictly speaking, 5G doesn’t have a clear-cut definition – other than the fact it’s currently the fastest wireless data transmission speed. It refers to a generation of cellular speed, but within that generation, there are various definitions – low, mid, and high-band – for starters. While cellphone companies use “5G” as a sort of catch-all in terms of phone features, this isn’t entirely accurate. Just because a phone is 5G compatible doesn’t necessarily mean that it will operate at 5G speeds – only that it is capable of doing so when they’re available. The practical uses of each wireless generation tend to lag, which means we likely won’t see the apps, programs, and more that use 5G until well into 2021.

    How Can 5G Help My Business?

    One of the most exciting potential uses for 5G is an expansion of the IoT, or Internet of Things. This is the network that allows a business owner to monitor realtime stock movement in their warehouse, or determine things like foot traffic via sensors in their stores. Think of it as Bluetooth-on-steroids: it’s a vast, observable, and controllable network of “smart” devices that help by producing data and, in some cases, controlling automation. 5G connects all of these components and puts a business owner in control of it all via cellular transmission.

    Is 5G Safe?

    Because 5G is so new, serious online threats haven’t made it into the 2020 headlines quite yet. This doesn’t necessarily mean that it’s safe, however. 5G relies mainly on software where its predecessors relied on hardware, this makes it agile but a prime target for hackers. As users rely on 5G to control smart home functions, serve as a biometric or location-based key, or even start up a connected car, cybercriminals are taking notice. When hackers can access your connected lights and cameras, your car’s engine and locks, and your phone itself, “breaking into” your life is as easy as building the right malware.

    This is an exceptionally troubling security risk for businesses, as they keep not only their own data secured but often their customers’ as well. Though each 5G-connected device or module adds flexibility and control to the mix, it’s also a potential “open door” for a breach if a determined hacker wants to get in. For example, in 2017, hackers were able to access a casino’s database through an unlikely weakness: the wi-fi connected thermometer in a large ornamental fish tank.

    Cybersecurity Protections for 5G

    If the business tech your Tucson or Phoenix-area company uses will potentially connect with or use 5G, protect yourself with an assessment from Integrated Axis. Cybercriminals won’t wait for a new year of innovations to start trying to force their way into your data, so don’t wait to protect it. With more than 20 years of experience protecting our customers, our cybersecurity team is ready for the 5G revolution, and we’re looking forward to helping your company navigate it. Contact us today!

  4. New Orleans & Cybersecurity

    Comments Off on New Orleans & Cybersecurity

    In mid-December, the city of New Orleans suffered a cybersecurity breach so severe the mayor called a state of emergency, demonstrating a significant change in the cybersecurity landscape moving into the New Year.

    The ransomware attack in New Orleans began about 5 a.m. Dec. 13, when “suspicious activity” was detected on the city’s network, according to NOLA Ready, a local emergency preparedness campaign managed by the Office of Homeland Security and Emergency Preparedness. Citing a tweet from NOLA, Forbes magazine reported “activity indicating a cybersecurity incident was detected around 11 a.m.” More than 4,000 city computers were affected.

    Upon detecting the suspicious activity, the city’s IT department ordered all employees to shut down their computers, disconnect from the Wi-Fi, and unplug their devices. The city powered down all its servers.

    Damage Caused by Cybersecurity Breach

    Later that day in a press conference, Mayor Latoy Cantrell confirmed the security breach was due to ransomware, which infects a network or device and encrypts the data, making it unusable until the owner pays a ransom. Cantrell filed a declaration of a state of emergency with the Civil District Court, stating in the document that the city of New Orleans anticipates “various state and city agencies will need to work cooperatively to mitigate any damage, current or future, as a result of the cybersecurity incident.”

    New Orleans Chief Information Officer Kim LaGrue told WWNO, a station affiliated with New Orleans Public Radio, that the city was “prepared for a ransomware attack,” which means they had backups of the targeted data. According to LaGrue, the attack didn’t progress to the point where a ransom was demanded. The city’s strategy is to simply recover the data and return the system to normal.

    However, while IT engineers inspected the affected computers and systems, many city employees – including the police department – were unable to access the technology necessary to perform their jobs. Meanwhile, the cost of rebuilding the city’s computer network was approaching $1 million as of Dec. 16th.

    City officials from New Orleans have not publicly identified what type of ransomware was deployed in the attack. Still, several cybersecurity experts believe the likely weapon was RYUK, which hit state government servers in November, according to NOLA Media Group. RYUK, which is tied to organized crime, is a type of ransomware that infiltrates a computer, encrypts files, and demands payment – often in bitcoin – to decrypt the information.

    Cyber Threats: A Perpetual Problem

    According to Forbes, the FBI on Oct. 2 issued a cyber-attack warning in response to attacks on state and local governments, healthcare organizations, industrial companies, and the transportation sector. While the frequency of attacks remains about the same, the sophistication of the attacks is increasing. They also are more targeted and costly for victims.

    NOLA Media Group cited a study from Emisoft released in mid-December that claimed the U.S. faced an “unprecedented and unrelenting barrage of ransomware attacks” in 2019. Nationwide, approximately 103 state and local governments and agencies, 759 healthcare providers, and 86 school districts, universities, and colleges were hit by cybersecurity attacks.

    Heading into 2020, both public entities and private businesses should ensure they are protected against digital infiltration perpetuated by organized crime groups and individual actors. This means not only implementing safeguards against attacks on business tech but also having a disaster response plan. IT companies such as Integrated Axis Technology Group (IA) provide IT security services to ensure businesses’ networks are protected in the face of evolving cyber threats. From risk assessment and analysis to penetration testing and network monitoring, Integrated Axis can help companies in the Tucson area strengthen their ability to mitigate and recover from cybersecurity attacks in the New Year.

  5. Password Management & Cybersecurity

    Comments Off on Password Management & Cybersecurity

    Cybersecurity information is readily available and widely circulated today. So have online hacking incidents decreased substantially? Not exactly. Hackers are still targeting personal credentials because they’re a slam dunk way to gain access to private information. According to Verizon’s 2019 Data Breach Investigations Report, stolen credentials account for 29% of all breaches, with 80% of hacking breaches traced back to weak or stolen passwords.

    We’ve talked at length about email security and the risks of password compromise under the Business Tech topics on our blog. Today, we’d like to give you concrete, actionable steps to protect your email privacy.

    Best Practices for Your Email Security

    Email has become so commonplace that individuals are often desensitized to how much delicate information they may contain. Leaving email accounts unprotected on multiple devices is like leaving your front door open. If you think of your email as your home and envision it in the worst possible neighborhood, you’d use a lock. In fact, you’d probably use several locks and an alarm system. That’s precisely how you should approach email security.

    Here are some best practices for you to mandate for your entire team:

    • Make Unique Passwords Mandatory. A common mistake is that people are using the same password across multiple accounts. If you use the same password for your private email as you do for your work email and other accounts, the hackers only have to compromise one account to have access to all of them.
    • Passwords Should Be Complex. Using personal information or simplistic passwords is another common mistake. You need to stay away from using words or information that can be guessed by knowing you or following you on social media. Ideally, passwords should appear to be a random sequence of numbers, letters, and symbols.
    • Turn Off Auto-Fill. Auto-fill seems like a godsend. It eliminates a lot of time filling out information repeatedly. But it also means that all of that information is stored where malicious actors can get it. There are even phishing attacks targeting this exact technology. Remember, the things that save us time are often the biggest holes in security.
    • Use a Business Password Manager. Keeping passwords written down can be dangerous, but if you’re following best practices, you’ll have a lot of hard to guess passwords to keep track of. Using a good password manager app can help you maintain the highest level of security in choosing passwords and making them safe.
    • Never Leave Devices Unprotected. You should need to use your password every time you check your email on every device. The same goes for other accounts.

    Looking for Expert IT in the Southwest to Manage Your Cyber Security?

    If you’re concerned about cybersecurity, contact Integrated Axis today. Our experienced technicians can assess your process, help you find the best software solutions, and develop a reliable protocol to make sure best practices are followed to protect your company’s privacy.